DDoS Extortion Attacks Leave Several Retail and Finance Firms Bleeding

A group of attackers has been found launching DDoS attacks against organizations across the U.S., the U.K., and the Asia Pacific and demanding ransom to stop them, with firms in the finance, travel, and e-commerce sectors as the main targets.

What happened?

A few weeks ago, Akamai researchers disclosed a cybercrime group threatening several prominent organizations with DDoS attacks and demanding thousands of dollars in ransom. The same group has now reportedly turned to a number of financial organizations as well.
  • The attackers have already targeted several well-known organizations, including MoneyGram, Worldpay, Yes Bank, Braintree, PayPal, Venmo, and, most recently, the New Zealand stock exchange (NZX).
  • In the ransom note, the attackers claim to be internationally known hacking groups such as Fancy Bear and Armada Collective, borrowing those groups' reputations to intimidate victims.
  • They demand a ransom payment of between 5 BTC (approximately $57,000) and 20 BTC (around $227,000).

Attack characteristics

  • During these attacks, some victims faced attack traffic of around 200 Gbps, while one earlier victim saw around 50 Gbps.
  • The main vectors were DNS floods, SYN floods, SNMP floods, WS-Discovery floods, GRE protocol floods, and ARMS (Apple Remote Management Service) floods. DNS, SNMP, WS-Discovery, and ARMS are commonly used as UDP reflection/amplification vectors: the attacker sends small requests with the victim's spoofed source address to open resolvers, SNMP agents, WS-Discovery responders, or Apple Remote Desktop hosts, and the much larger responses land on the victim.
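The vector list above is what a SOC has to recognise in flow telemetry while an attack is in progress. The following is an added example (not code from the article or from Akamai) that classifies NetFlow/IPFIX-style records into the vectors named in the report and sizes each one in bits per second, so that mitigation (for example, dropping UDP source port 3702 and 3283 traffic upstream) can be targeted at the vectors actually in use. The record layout, field names, the victim address, and the sample flows are all constructed for illustration; reflection vectors are identified by the UDP source port because the amplifier's reply is what reaches the victim.

```python
"""Attribute flow records to DDoS vectors and size each vector.

Added example, not part of the original article. Flow field names and
the sample records are constructed; a real deployment would feed this
from a NetFlow/IPFIX collector.
"""
from collections import defaultdict
from dataclasses import dataclass

# UDP source ports of the reflection/amplification vectors in the report.
# Amplified responses arrive FROM these ports because the attacker put the
# victim's address in the spoofed request.
REFLECTION_PORTS = {
    53: "DNS reflection",
    161: "SNMP reflection",
    3702: "WS-Discovery reflection",
    3283: "ARMS reflection",   # Apple Remote Management Service (Apple Remote Desktop)
}

PROTO_TCP, PROTO_UDP, PROTO_GRE = 6, 17, 47


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int
    tcp_flags: str   # e.g. "S", "SA", "PA"; "" for non-TCP flows
    packets: int
    octets: int


def classify(flow: Flow) -> str:
    """Map one flow record to an attack vector name, or 'other'."""
    if flow.proto == PROTO_GRE:
        return "GRE flood"
    if flow.proto == PROTO_UDP:
        if flow.src_port in REFLECTION_PORTS:
            return REFLECTION_PORTS[flow.src_port]
        if flow.dst_port == 53:
            return "DNS query flood"   # direct (non-reflected) DNS flood
    if flow.proto == PROTO_TCP and flow.tcp_flags == "S":
        # SYN-only flows that never carry an ACK are the signature of a
        # SYN flood; a legitimate client completes the handshake.
        return "SYN flood"
    return "other"


def summarize(flows, window_seconds: float, sampling_rate: int = 1):
    """Return {vector: {"bits_per_s": float, "packets": int, "sources": int}}.

    `sampling_rate` scales 1:N sampled flow exports back to line rate.
    Source counts are only meaningful for reflection vectors; direct
    floods use spoofed sources, so that number is not trustworthy there.
    """
    agg = defaultdict(lambda: {"bits": 0, "packets": 0, "sources": set()})
    for f in flows:
        v = classify(f)
        agg[v]["bits"] += f.octets * 8 * sampling_rate
        agg[v]["packets"] += f.packets * sampling_rate
        agg[v]["sources"].add(f.src_ip)
    return {
        v: {
            "bits_per_s": d["bits"] / window_seconds,
            "packets": d["packets"],
            "sources": len(d["sources"]),
        }
        for v, d in agg.items()
    }


def alerts(summary, threshold_bps: float):
    """Vectors whose rate meets the threshold, largest first."""
    hot = [(v, d["bits_per_s"]) for v, d in summary.items()
           if v != "other" and d["bits_per_s"] >= threshold_bps]
    return sorted(hot, key=lambda x: x[1], reverse=True)


# Constructed sample: one 10-second export window, 1:1000 sampled,
# against a single victim address. Byte counts are made up.
VICTIM = "203.0.113.10"
SAMPLE_FLOWS = [
    Flow("198.51.100.1", 53, VICTIM, 40012, PROTO_UDP, "", 400, 1_200_000),
    Flow("198.51.100.2", 53, VICTIM, 40013, PROTO_UDP, "", 380, 1_100_000),
    Flow("198.51.100.3", 3702, VICTIM, 40014, PROTO_UDP, "", 300, 900_000),
    Flow("198.51.100.4", 3283, VICTIM, 40015, PROTO_UDP, "", 250, 800_000),
    Flow("198.51.100.5", 161, VICTIM, 40016, PROTO_UDP, "", 100, 150_000),
    Flow("198.51.100.6", 0, VICTIM, 0, PROTO_GRE, "", 500, 700_000),
    Flow("198.51.100.7", 51000, VICTIM, 443, PROTO_TCP, "S", 1, 60),
    Flow("198.51.100.8", 51001, VICTIM, 443, PROTO_TCP, "S", 1, 60),
    Flow("192.0.2.9", 52000, VICTIM, 443, PROTO_TCP, "PA", 20, 8_000),  # legitimate session
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_FLOWS, window_seconds=10, sampling_rate=1000)
    for vector, rate in alerts(summary, threshold_bps=500e6):
        print(f"{vector:28s} {rate / 1e9:6.2f} Gbps "
              f"from {summary[vector]['sources']} source(s)")
```

The threshold is deliberately a parameter: the report's figures (50 to 200 Gbps) are aggregate, and which per-vector rate is worth an upstream filter depends on the victim's capacity. Note that the SYN flood check here is per flow; a production detector would also compare SYN and SYN-ACK counts over the window.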

Recent incidents

  • In June 2020, hacking groups operating from China were found targeting several private and public entities in India with ransomware, IP hijacking, and DDoS attacks in order to extort ransom from them.
  • In February 2020, several banks and other financial organizations in Australia were hit by an extensive DDoS extortion campaign that demanded large payments in Monero to stop the attacks.

Conclusion

With these DDoS attacks, cybercriminals aim to take the targeted organizations' online services offline and thereby damage their business continuity and reputation. Experts advise against paying the ransom: there is no guarantee that payment stops the attacks, and every payment funds further campaigns against other organizations. Instead, targeted organizations should engage their upstream provider or DDoS mitigation service as soon as a ransom note arrives and report the extortion attempt to law enforcement.