What’s the matter?
Researchers have observed several ‘Ransom Denial-of-Service’ (RDOS) attacks launched against financial institutions over the past week.
Why it matters?
These DDoS attacks were found to be carried out by cybercriminals impersonating the infamous Russian APT group ‘Fancy Bear’.
The big picture
A researcher from Radware, Daniel Smith, noted that the attackers are launching large-scale, multi-vector demo DDoS attacks against companies in the financial sector and are sending ransom letters to the victims. Smith added that the fake Fancy Bear group threatens the companies with a follow-up attack if they do not make the payment within a week.
“The victims are threatened with a follow-up DDoS attack if they do not make a payment in bitcoin within a week. At the moment, no follow-up attacks have been observed,” Smith told ZDNet.
Another researcher from Link11, Thomas Pohle, confirmed the same, adding that the purpose of these demo attacks is to trick victims into paying the ransom demand.
Contents of the ransom letter
The ransom letter sent to victims threatens that a DDoS attack will be launched in XX days. The letter goes on to say that a harmless demo attack lasting 30 minutes will be launched now. To avoid this attack, it asks for a ransom payment of 2 bitcoin, which is worth $15,000.