Scammers Impersonate Russian Hackers to Extort Companies with DDoS Threats

Scammers Use DDoS Threats, Pretend to Be Russian Hackers

According to a report by ZDNet, unknown scammers are impersonating the Russian-speaking hacker group Fancy Bear and extorting organizations in the financial sector by threatening them with DDoS attacks. Companies in the entertainment and retail industries have also fallen victim to these extortion attempts.

The existence of these scammers was first reported to journalists by a reader, and this information was soon confirmed by experts from Link11 and Radware, companies that provide DDoS protection services. Daniel Smith, an expert at Radware, stated that the extortion attacks began last week and have mainly targeted financial organizations.

Demonstration Attacks Back Up Threats

Unlike many similar cases, the hackers’ threats are not entirely empty. Analysts confirm that the group actually launches multi-vector demonstration DDoS attacks on companies when demanding ransom. According to Thomas Pohle, a specialist at Link11, these demonstration attacks use a mix of different protocols, including DNS, NTP, CLDAP, ARMS, and WS-Discovery.
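One way a defender could recognize such a multi-vector pattern in flow records, shown as an added example that does not come from the ZDNet report, Link11, or Radware. It assumes the traffic arrives as UDP reflection from the services' well-known source ports; the record format, addresses, and thresholds are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Well-known UDP ports of the services named in the article.
# Assumption: the traffic is reflected, so it arrives FROM these source ports.
VECTOR_PORTS = {53: "DNS", 123: "NTP", 389: "CLDAP",
                3283: "ARMS", 3702: "WS-Discovery"}

# Constructed sample flow records (documentation address ranges), not real data.
SAMPLE_FLOWS = """\
ts,src_ip,src_port,dst_ip,dst_port,proto,bytes
100,198.51.100.7,53,203.0.113.10,41822,udp,480000
101,198.51.100.9,123,203.0.113.10,52011,udp,910000
103,198.51.100.12,389,203.0.113.10,40110,udp,650000
104,198.51.100.30,3283,203.0.113.10,47001,udp,120000
105,198.51.100.31,3702,203.0.113.10,47002,udp,90000
107,198.51.100.8,53,203.0.113.10,41900,udp,70000
110,192.0.2.53,53,203.0.113.20,53311,udp,900
112,198.51.100.7,53,203.0.113.10,41823,tcp,500000
130,198.51.100.9,123,203.0.113.20,52012,udp,200000
190,198.51.100.7,53,203.0.113.10,41824,udp,300000
"""

def detect_multivector(flow_csv, window=60, min_bytes=100_000, min_vectors=2):
    """Return {(dst_ip, window_start): {vector: bytes}} for every destination
    that receives at least min_vectors vectors, each >= min_bytes, in a window."""
    buckets = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue  # only UDP responses are considered here
        vector = VECTOR_PORTS.get(int(row["src_port"]))
        if vector is None:
            continue
        start = int(row["ts"]) // window * window  # fixed, aligned time window
        buckets[(row["dst_ip"], start)][vector] += int(row["bytes"])
    alerts = {}
    for key, vectors in buckets.items():
        heavy = {v: b for v, b in vectors.items() if b >= min_bytes}
        if len(heavy) >= min_vectors:  # several vectors at once on one host
            alerts[key] = heavy
    return alerts

if __name__ == "__main__":
    for (dst, start), vectors in detect_multivector(SAMPLE_FLOWS).items():
        print(dst, start, sorted(vectors.items()))
```

A single busy vector, such as ordinary DNS replies to a resolver client, does not trigger an alert; only several heavy vectors converging on one destination in the same window do.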

Ransom Demands and Tactics

In the ransom note sent to their targets, the fake Russian hackers demand a payment of 2 bitcoins, which is about $15,000 at the current exchange rate. If companies do not pay within a week, they are threatened with a powerful and prolonged DDoS attack. So far, no follow-up attacks have been recorded.

Experts believe the extortionists carefully research and select their targets in advance. According to Pohle, the DDoS attacks are not aimed at company websites, but at their internal servers, which usually lack DDoS protection and suffer downtime as a result of such “close attention” from the criminals.

Copycat Extortion Schemes

Researchers note that the ransom letters sent by the scammers are almost identical to other extortion messages used in 2017 by different criminals who also pretended to be the Fancy Bear group.

It’s worth recalling that the years 2015-2017 saw a surge in DDoS extortion attacks and imitators of well-known hacker groups. For example, at that time, copycats claimed to be the Armada Collective, as well as other infamous groups like Anonymous, LulzSec, Hackers New World, Lizard Squad, and Fancy Bear.

Current Situation and Outlook

Ultimately, this activity almost stopped, as victims realized that most extortionists did not have the “firepower” to carry out their threats and launch real DDoS attacks. Unlike those imitators, the current scammers posing as Fancy Bear appear to have access to a real botnet, although it is still unclear how powerful it is.
