Empty DDoS Threats: Meet the Armada Collective
Beginning in March, we began hearing reports of a gang of cybercriminals once again calling themselves the Armada Collective. The calling card of the gang was an extortion email sent to a wide variety of online businesses threatening to launch DDoS attacks if they weren't paid in Bitcoin.
We heard from more than existing and prospective CloudFlare customers who had received the Armada Collective's emailed threats. We've also compared notes with other DDoS mitigation vendors with customers that had received similar threats.
Our conclusion was a bit of a surprise: In fact, because the extortion emails reuse Bitcoin addresses, there's no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.
The extortion emails sent by the Armada Collective have been remarkably consistent over the last two months.
We are Armada Collective. If you don't pay by [date], attack will start, yours service going down permanently price to stop will increase to 20 BTC and will go up 10 BTC for every day of attack. Our attacks are extremely powerful - sometimes over 1 Tbps per second. And we pass CloudFlare and others remote protections! So, no cheap protection will help. Do not reply, we will not read. Pay and we will know its you.
There does not appear to be any correlation between the amount requested and the size or financial resources of the threatened victim. While the message states that the attackers will know who has paid, we've seen several examples of multiple victims being targeted during the same time period and asked to send the same amount to the same Bitcoin address.
Since Bitcoin is, as the message correctly notes, anonymous, this means that there is no way for the attacker to tell who has paid the extortion fee and who has not. Given that the attackers can't tell who has paid the extortion fee and who has not, it is perhaps not surprising to learn that they appear to treat all victims the same: To date, we've not seen a single attack launched against a threatened organization.
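The address-reuse observation above can be checked mechanically when several threatened organizations pool the emails they received. The following is an added example, not code from the original article: it extracts legacy Base58Check Bitcoin addresses from message bodies, discards strings whose checksum fails, and reports every address that was sent to more than one recipient. The sample messages, recipients and addresses are constructed, and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58Check addresses only (P2PKH "1...", P2SH "3...").
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Used here only to build the constructed sample addresses."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(addr):
    """True if addr decodes to 25 bytes with a known version and good checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)
        raw = n.to_bytes(25, "big")
    except (ValueError, OverflowError):
        return False
    return raw[0] in (0x00, 0x05) and raw[-4:] == _checksum(raw[:-4])

def reused_addresses(emails):
    """Map each valid address to its recipients when more than one received it."""
    seen = defaultdict(set)
    for recipient, body in emails:
        for addr in ADDR_RE.findall(body):
            if is_valid_address(addr):
                seen[addr].add(recipient)
    return {a: sorted(r) for a, r in seen.items() if len(r) > 1}

# Constructed sample data: synthetic hash160 values, reserved .example domains.
ADDR_A = b58check_encode(b"\x00" + bytes(range(1, 21)))
ADDR_B = b58check_encode(b"\x00" + bytes(range(21, 41)))
TYPO = ADDR_B[:-1] + ("2" if ADDR_B[-1] != "2" else "3")  # checksum now fails
SAMPLE = [
    ("ops@shop.example", f"Send payment to {ADDR_A} before the deadline."),
    ("it@bank.example", f"Send payment to {ADDR_A} before the deadline."),
    ("noc@isp.example", f"Send payment to {ADDR_B} before the deadline."),
    ("admin@host.example", f"Send payment to {TYPO} before the deadline."),
]

if __name__ == "__main__":
    for addr, who in reused_addresses(SAMPLE).items():
        print(addr, "was sent to", ", ".join(who))
```

An address that appears in this report was given to several victims, so a payment arriving at it cannot be tied to any one of them.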
This is in spite of nearly all of the threatened organizations we're aware of not paying the extortion fee. We've compared notes with fellow DDoS mitigation vendors and none of them have seen any attacks launched since March against organizations that have received Armada Collective threats.
Unfortunately, in spite of the lack of actual DDoS follow-through, it appears that many victims are paying the extortion fee. This is not the first group to call themselves the Armada Collective. Unlike the current incarnation, the original Armada Collective did carry through on their DDoS threats. That group went silent in November. In reality, we and other DDoS mitigation vendors never saw attacks larger than 60Gbps.
Regardless, CloudFlare successfully mitigated all of the original group's attacks targeting our customers, perhaps prompting the Copycat Armada Collective to double the size of their claimed attack capacity to 1Tbps and call CloudFlare out by name in their new threats. Incidentally, we have plenty of capacity to stop even an attack that large if it ever turns out to be anything more than hypothetical.
When I was first briefed by our team about this latest incarnation of the Armada Collective, I kept thinking of that scene in the movie The Princess Bride where the mild-mannered Westley explains to Princess Buttercup how he became the "Dread Pirate Roberts": You see, no one would surrender to the Dread Pirate Westley.
And so, it seems, the same is true with cybercriminals. While the actual members of the original Armada Collective appear locked up in a European jail, with little more than some Bitcoin addresses and an email account, some enterprising individuals are drafting off the group's original name, sowing fear, and collecting hundreds of thousands of extorted dollars.
The extortion emails encourage targeted victims to Google for the Armada Collective. I'm hopeful this article will start appearing near the top of search results and help organizations act more rationally when they receive such a threat. It's important to note that not all DDoS extortion threats are empty. There are several groups currently sending out extortion emails that actually do follow through on their threats. I won't name them here so as not to encourage copycats.
However, if you ever receive a threat and want to know more about the group, don't hesitate to reach out. We're always happy to share our view from the perspective of the more than 4 million customers we help protect from real cyber attacks every day.