The Federal Bureau of Investigation (FBI) has issued an alert informing US companies about a wave of DDoS extortion attacks aimed at organizations from the retail, financial, travel, and e-commerce industry verticals.
The attackers behind this campaign, which began on August 12 this year, are impersonating well-known hacker groups such as Fancy Bear, Cozy Bear, Lazarus Group, and Armada Collective in the ransom notes delivered to the targeted companies. The targeted organizations are threatened with DDoS attacks if they fail to pay the ransom demand within six days.
According to cyber-security firm Radware, ransom demands range between 10 BTC and 20 BTC, with the ransom letters threatening cyber attacks of over 2Tbps if payment is not made. To prove the threat is not to be taken lightly, the attackers conduct so-called demo attacks.
“In many cases the ransom threat is followed by cyberattacks ranging from 50Gbps to 200Gbps. The attack vectors include UDP and UDP-Frag floods, some leveraging WS-Discovery amplification, combined with TCP SYN, TCP out-of-state, and ICMP Floods,” the researchers said.
The FBI recommended that companies targeted by this ongoing RDoS campaign not pay a ransom because this “emboldens adversaries to target additional organizations, encourage other criminal actors to engage in additional RDOS activity, and/or may fund illicit activities.” Companies are also advised to use DDoS mitigation services that detect abnormal traffic flows and redirect traffic away from the network.