A cyber gang calling itself “Phantom Squad” has sent a massive wave of spam to thousands of companies all over the world, threatening that DDoS attacks will start on September 30 if victims do not pay a ransom.
The suspicious emails carrying the ransom demands were first discovered by security researcher Derrick Farmer. The threats seem to have started on September 19 and continue to this day. The emails contain a familiar threat, asking companies to pay 0.2 BTC (about $750) or prepare to have their website shut down on September 30.
It seems the cyber gang sent the emails to multiple recipients at the same time, much like a typical spam campaign used to distribute malware. Several security experts who reviewed the emails and ransom demands concluded that the cybercriminals do not possess the firepower to launch DDoS attacks against many targets in one day, and that they appear to be trying to scare companies in the hope of fooling victims into paying the ransom.
Bleeping Computer reached out to several cyber security companies to get a general idea of this massive threat.
“Not sure how widespread it is regarding volume, but they are indeed spamming a lot of people,” Justin Paine, Head of Trust & Safety at CloudFlare, told Bleeping Computer.
“We’ve had five customers so far report these Phantom Squad emails,” he added. “These geniuses even sent a ransom threat to the noc@ address for a major DDoS mitigation company.”
Radware, a DDoS protection firm, received similar reports, so many that the company issued a security alert of its own. Radware researcher Daniel Smith pointed out that the extortionists may not be the real Phantom Squad, a hacker group whose DDoS attacks brought down various gaming networks in 2015.
Smith noticed that the ransom note was almost identical to the one used in the summer of 2017 by another gang of extortionists using the name “Armada Collective.” Those extortion attempts through the threat of DDoS attacks also proved to be empty threats, although some of them were successful.
Cyber security firm Japan CERT has issued a security alert telling its clients how to handle the fake demands and report the suspicious emails to authorities. Security researcher Brad Duncan also published a warning on the ISC SANS forums, letting other system admins and security researchers know not to believe the ransom threats.