A recent series of ransom letters demanding payment in bitcoin to prevent Distributed Denial of Service (DDoS) and other types of attacks has been sent to businesses across the globe in a variety of sectors. The hacker group responsible claimed to be the Armada Collective, a black hat group that went silent in 2015. After a blog post by Cloudflare exposed these threats as empty and most likely the work of copycats, the ransom letters claiming to be from the Armada Collective stopped, and a new batch of letters, this time allegedly from another dormant hacker group, the Lizard Squad, appeared.
The Lizard Squad first gained notice in 2014 with a series of DDoS attacks aimed at the gaming industry, including Xbox Live, the PlayStation Network and League of Legends. They also carried out an attack on Malaysia Airlines’ website, claimed responsibility for an attack on Facebook, Instagram and Tinder that was never proven to be an actual attack, and threatened to release explicit celebrity photos in 2015.
Considering that Cloudflare suddenly made it onto the “Lizard Squad’s” target list following the Armada Collective post, and that none of these threats has been carried out either, it is most likely the same copycat group behind both. However, that doesn’t mean organizations should be unconcerned or ignore threats they receive.
You never know which threats are legitimate and which are not. It’s quite possible that the first batch of hoax letters was a ploy to entice recipients to let their guard down, or the group may be building a Rolodex of companies based on who responds, and how, in preparation for another attack.
Oracle Dyn is here to help.
Oracle Dyn takes all threats seriously and is aware of the risk and concern that these ransom letters raise within organizations; that’s why we offer our platform as a managed service. Let us worry about what is legitimate and what is not; we’ll take care of it.
Oracle Dyn recommends the following steps to protect your organization if you receive an extortion threat:
- Stay calm, don’t pay. There is no guarantee that an attack will occur, or that payment would prevent one. Paying cyber criminals signals to threat actors that your organization is an easy target.
- Document your procedures. Have a plan for what to do in the event of a threat or attack. Make sure that plan is clearly documented and communicated within your organization.
- Check your systems. Make sure that your security posture is up-to-date and that your systems have been patched.
- Rate control is not enough. Oracle Dyn has found that in highly distributed attacks, traffic from tens of thousands of IPs renders per-IP rate control useless, since no single source stands out. In the event of an attack, we recommend switching all advanced bot detection features to block mode.
- Take a closer look at anomalies. Use the Oracle Dyn dashboard and alerting features to get deeper insight into what is happening on your network. Even the slightest anomaly may be an early sign of something bigger.
- Continue to follow Oracle Dyn for the latest security news.
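The two points above about rate control and anomalies can be shown concretely. The following added example (not Oracle Dyn's code, and not part of the original post) constructs two synthetic request logs, one flood from a single source and one spread over 5,000 sources sending two requests each, and runs both a per-IP rate limiter and an aggregate volume check over them. The IP ranges, window size, limits and traffic shapes are all assumptions chosen for the demonstration.

```python
"""Added example: why per-IP rate control misses a highly distributed flood
while an aggregate volume check still catches it. All traffic below is
constructed for the demonstration; the IPs come from documentation and
private ranges and nothing here is captured data."""
from collections import Counter
from statistics import mean

WINDOW = 10           # seconds per detection window (assumed)
PER_IP_LIMIT = 20     # requests one IP may send per window before rate control blocks it (assumed)
BASELINE_WINDOWS = 6  # leading windows used to learn the normal aggregate volume
SPIKE_FACTOR = 3.0    # a window exceeding this multiple of the baseline is anomalous


def legitimate_traffic(seconds=70, clients=50):
    """Constructed baseline: each of 50 clients sends one request every other second."""
    return [(t, f"198.51.100.{i}")                      # TEST-NET-2 documentation range
            for t in range(seconds) for i in range(clients) if (t + i) % 2 == 0]


def distributed_flood(start=60, sources=5000, per_source=2):
    """Constructed distributed attack: many sources, each sending only a couple of requests."""
    return [(start + (n % WINDOW), f"10.0.{n // 256}.{n % 256}")
            for n in range(sources) for _ in range(per_source)]


def single_source_flood(start=60, requests=800):
    """Constructed attack from one source: the case per-IP rate control is built for."""
    return [(start + (k % WINDOW), "192.0.2.7") for k in range(requests)]


def rate_control_blocked(log, limit=PER_IP_LIMIT):
    """Per-IP rate control: return the set of IPs that exceed `limit` in any window."""
    per_ip_window = Counter((t // WINDOW, ip) for t, ip in log)
    return {ip for (_, ip), n in per_ip_window.items() if n > limit}


def anomalous_windows(log, baseline_windows=BASELINE_WINDOWS, factor=SPIKE_FACTOR):
    """Aggregate check: flag windows whose total request count is far above the
    volume learned from the first `baseline_windows` windows."""
    per_window = Counter(t // WINDOW for t, _ in log)
    baseline = mean(per_window[w] for w in range(baseline_windows))
    return sorted(w for w, n in per_window.items()
                  if w >= baseline_windows and n > factor * baseline)


def compare(attack):
    """Run both controls over baseline traffic plus one attack shape."""
    log = legitimate_traffic() + attack
    return {"blocked_ips": len(rate_control_blocked(log)),
            "anomalous_windows": anomalous_windows(log)}


if __name__ == "__main__":
    # Single source: rate control blocks it and the aggregate check flags the window.
    print("single source :", compare(single_source_flood()))
    # Distributed: no IP crosses the limit, only the aggregate check notices.
    print("distributed   :", compare(distributed_flood()))
```

In the distributed case every source stays at two requests per window, well under the per-IP limit, so the rate limiter blocks nothing even though the window carries roughly forty times the normal volume; the aggregate check flags that window immediately. This is the "slightest anomaly" the dashboard advice refers to: a total-volume or per-path baseline catches what per-source counters cannot.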