4 September 2020

FBI warns of RDoS extortion attacks against organizations around the world


The Federal Bureau of Investigation (FBI) has issued an alert informing US companies about a wave of DDoS extortion attacks aimed at organizations from the retail, financial, travel, and e-commerce industry verticals.

The attackers behind this campaign, which began on August 12 this year, are impersonating well-known hacker groups such as Fancy Bear, Cozy Bear, Lazarus Group, and Armada Collective in the ransom notes delivered to the targeted companies. The targeted organizations are threatened with DDoS attacks if they fail to pay the ransom demand within six days.

According to cyber-security firm Radware, the ransom demands range between 10 BTC and 20 BTC, and the ransom letters threaten cyber attacks of over 2Tbps if payment is not made. To prove the threat is not to be taken lightly, the attackers conduct so-called demo attacks.

“In many cases the ransom threat is followed by cyberattacks ranging from 50Gbps to 200Gbps. The attack vectors include UDP and UDP-Frag floods, some leveraging WS-Discovery amplification, combined with TCP SYN, TCP out-of-state, and ICMP Floods,” the researchers said.

The FBI recommended that companies targeted by this ongoing RDoS campaign not pay the ransom because this “emboldens adversaries to target additional organizations, encourage other criminal actors to engage in additional RDOS activity, and/or may fund illicit activities.” Companies are also advised to use DDoS mitigation services that detect abnormal traffic flows and redirect traffic away from the network.

