Armada Collective, a mysterious group of cybercriminals seem to be back again! The group known to disrupt websites by launching Distributed Denial of Service (DDoS) attacks may have sent emails demanding Bitcoin ransom from website owners.
According to reports, many internet users have received an email demanding a ransom of 1 BTC. The sender, claiming to be from Armada Collective has threatened to launch a 10-300 Gbps DDoS attack on the servers of those who fail to pay before 8:00 PM on September 6, 2016. The email also claims that once the DDoS attack is underway, they won’t stop unless the victims pay 20 BTCs.
The re-emergence of Armada Collective was reported earlier today by a business media website. Etienne Delport from South Africa who runs Alpha Bookkeeping Services and Michael O’Connor, a UK based professional musician were among those who received the threatening email from Armada Collective.
In the email, the cybercriminals claim to have checked the security of their victims’ servers to find them vulnerable and obsolete. The email also gives some information about the kind of attack the targets will be facing. In addition to a large-scale DDoS attack, Armada Collective may also use Cerber Ransomware.
Cerber Ransomware threats aren’t uncommon. There have been an ample number of attacks involving variants of this malware. Prevalent among the Russian underground forums, the Cerber malware is known to be distributed using Exploit kits. There are few decrypting software available which are effective against few strains of Cerber ransomware. However, the heavily customizable nature of Cerber has limited the use of such decryption tools.
The email sent by so-called Armada Collective member (in the picture below) also provides the targets with instructions to buy and send Bitcoin to the mentioned wallet address. The Bitcoin address mentioned in the threat has not received any ransom yet.
The UK law enforcement agencies, contacted by one of the recipients of the email has asked people not to pay the ransom. Cybersecurity experts have advised website owners to buy DDoS protection services, which are usually much cheaper than the 1 BTC ransom demanded by cybercriminals claiming to be from Armada Collective.
Armada Collective became well-known after a series of attacks last year. ProtonMail, a leading secure email service provider was targeted by the group. Among those affected includes several businesses and financial institutions in Switzerland and Thailand
It is not clear whether the email was really sent by Armada Collective or someone claiming to be them. There are many cases in the past where cybercriminals posing to be Armada Collective have easily extorted over $100,00 from their victims.
Tomorrow, we may have more information about the group, depending on whether they are willing to make good of their threats or not.
Ref: IBT |Image: Shutterstock