A cyber-criminal group calling themselves the Phantom Squad has mounted a global extortion campaign, threatening thousands of companies with DDoS if they don’t pay a ransom demand.
A widespread wave of spam targeting companies throughout the US, Europe and Asia was spotted by security researcher Derrick Farmer on September 19, with the messages demanding a payment of around $750 (i.e., 0.2 Bitcoin). The extortionists promise to launch attacks on September 30 unless the demands are met.
Radware researchers, in an alert on the campaign, noted that ransom was the No. 1 motivation last year behind cyber-attacks; in the company’s 2016-2017 Global Application & Network Security Report, half of respondent organizations were subject to this type of extortion threat. And, in parallel to the ransomware plague, Radware said that it has witnessed an emerging trend of hackers (and copycats) who extort organizations by posing an imminent threat of DDoS attacks.
However, there’s some consensus that the gambit is all bluster and bluff.
“Usually, these email threats are sent to a small number of companies one at a time, in order for extortionists to carry out attacks if customers do not pay,” pointed out Bleeping Computer. “Experts who reviewed the emails and ransom demands reached the conclusion that the group does not possess the firepower to launch DDoS attacks on so many targets on the same day, and is most likely using scare tactics hoping to fool victims into paying.”
Further, this group may not even be the real Phantom Squad, which gained notoriety for bringing down a handful of gaming networks in late 2015.
“[Ransom DoS] campaigns can be financially rewarding to a cyber-criminal who enjoys making large amounts of money for little to no investment,” Radware said in its post. “Because of this, many hacking groups now imitate this modus operandi and spam similar ransom threats using other group names, with no intention of launching an attack. In 2016, many opportunists emerged using infamous names like the Armada Collective, Anonymous and Lizard Squad, to spread fear and gain credibility for their threats. This year, Radware has witnessed groups pretending to be Fancy Bear, Armada Collective, Anonymous and Phantom Squad.”
In any event, businesses that receive such an email should be wary and think twice before paying up. Instead, they can deploy a scrubbing service, reconfigure ACLs and BGP routing, and apply the usual DDoS protection essentials to ensure uptime and meet SLAs.
“Unfortunately, when even one high-profile victim chooses to engage with attackers by paying a ransom, we tend to see an increase in these types of attacks,” Stephanie Weagle, VP at Corero Network Security, told us via email. “Most cybersecurity solutions focus on recovery from criminal extortion attacks, rather than defeating one. The DDoS mitigation landscape has evolved to deal with these attacks, automatically and instantaneously, to eliminate the threat to your business. Enterprises should take a more proactive stance when it comes to preventing ransom-related attacks.”