Fancy Bear imposters launch wave of extortion demands

Targets must pay thousands in Bitcoin or face DDoS attacks.

Last week, the digital security firm Radware published a blog post that included extortion notes from hackers. These notes had been sent to a variety of companies around the world, according to Radware.

In some of these “ransom notes,” the senders claim to be from the Russian state-backed hackers Fancy Bear, also known as APT28. In others, they purport to be the North Korean government hackers Lazarus Group, or APT38. There are even some that claim to be part of something called the “Armada Collective.”

The letters are sent to a generic email address and do not always immediately reach the right person in the organization. In some cases, letters were received by subsidiaries or branches in the wrong country.

How the scheme typically works

The extortion letters sent by the Ransom DDoS group warn that the recipient’s network will be subject to a DDoS attack starting about a week after the letter is sent.

The initial ransom demands are set in Bitcoin and range between 10 BTC (roughly $113,000) and 20 BTC (about $226,000). The hackers warn that the ransom will increase by 10 BTC for each day not paid.

Good business practices?

If payment is not made on time, the extortionists send a follow-up message saying that they have received nothing and that there must be a mistake on the victim’s side.

Indeed, it seems that they are really trying to be “good guys”, preferring to do business rather than attack. They say that they want to give the victim a “second chance to reconsider before going down for good.”

What to do if you are threatened

Radware advises against paying the ransom demand as there is no guarantee the malicious actors will honor the terms and it “identifies” the target organization as one that is willing to pay under threat.

The FBI has also recommended that companies that received such ransom notes from the criminal gang behind this ongoing RDoS campaign not pay the criminals’ ransom.

Instead, both Radware and the FBI recommend that companies beef up their security to withstand such DDoS attacks.