A hacker group claiming to be the Armada Collective, known for its extortion rackets, has taken cybercrime to new levels. The hacker group has duped companies into paying $100,000 (£68,628) by sending them emails with fake threats of launching a DDoS (distributed denial of service) attack.
In just two months, the hacker group has raked in thousands from companies around the world, which failed to realise that they were being tricked by a mere threat of a potential DDoS attack. According to security firm CloudFlare, the Armada Collective emailed businesses around the globe demanding ransom in Bitcoin and threatening a hack unless a payment was made.
CloudFlare's Matthew Prince wrote in a company blog: "We have heard from more than 100 existing and prospective CloudFlare customers who had received the Armada Collective's emailed threats. We've also compared notes with other DDoS mitigation vendors with customers that had received similar threats."
"Our conclusion was a bit of a surprise: we've been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack. In fact, because the extortion emails reuse Bitcoin addresses, there's no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments."
It was also noted that companies that paid up were still sent identical threats repeatedly. Moreover, companies that chose not to respond observed that, despite the menacing and sincere tone of the threat, it was not carried out, as discovered by VPN firm Cloak, the Verge reported.
The ruse appears to work effectively because DDoS ransoms in the past have been a fairly profitable and popular scheme for cybercriminals. Victims, fearing backlash, generally refrain from going public and make payments to avoid being compromised.
The Armada Collective rose to prominence in November 2015 after the group launched a massive cyberattack on email services like ProtonMail, FastMail and others. The group again hit several Greek banks in December with DDoS ransom hacks, which left the country's financial system on high alert.