One of our customers received the following email today. It's a clear extortion attempt: they are threatening to execute a combined DDoS and Cerber ransomware attack. These bad guys claim to be the Armada Collective, but the original gang was arrested and is no longer in the running. However, there are copycats that have taken the Armada approach and send this type of extortion email to people:
This type of DDoS attack has increased in frequency, scale and complexity over the past year, driven by DDoS-for-hire services, according to a new report by Imperva. And apparently they are combining the DDoS threat with ransomware as an additional headache.
Copycats can now launch DDoS attacks for very little money, stated Imperva's DDoS Threat Landscape Report 2015-2016. The rapid growth of these services, also known as “stressers” and “booters,” accounted for an increase in the number of DDoS attacks from 63.8 percent in Q2 2015 to 93 percent in Q1 2016.
Now, the choice is to pay or not.
The FBI officially recommends against it, but privately Special Agents admit that if you do not have a backup, paying the ransom is the easiest way to get your files back. This is to a large degree a business decision based on factors like:
- Are you running on a bulletproof server that can handle a mega-sized attack?
- Is your website directly generating revenue?
- Is being offline costing you money in another way, and how much?
Paying around 500 bucks to make them go away is an option. Refusing and possibly having to pay 10+ grand later is the other way to go. It's a risk assessment only you can make. Part of the assessment is whether they are going to come back for more later, similar to the pizza parlor that pays regular protection money to the local mob.
We have not heard about this... yet. But you can count on this happening in the future. You better buy some bitcoin and have it available in a wallet, just in case. Many people do these days!
Free Phish Alert Button
When new ransomware campaigns hit your organization, it is vital that IT staff be alerted immediately. One of the easiest ways to convert your employees from potential targets and victims into allies and partners in the fight against ransomware is to roll out KnowBe4's free Phish Alert Button to your employees' desktops. Once installed, the Phish Alert Button allows your users on the front lines to sound the alarm when suspicious and potentially dangerous phishing emails slip past the other layers of protection your organization relies on to keep the bad guys at bay.