Website extortionists rake in over $100,000 without lifting a finger

'Armada Collective' threatens to carry out DDoS attacks, never actually attacks

Sopranos

Reputation is everything in business: it appears a bunch of canny scammers have stolen the identity of a hacking squad to make some serious bank.

Back in November, a group calling itself the Armada Collective carried out a series of distributed denial of service (DDoS) attacks on webmail providers who refused to pay them a protection fee in Bitcoins. Some alleged members of the group were arrested in January, but now reports are coming in that someone is purely using their reputation for criminal gain.

CloudFlare says more than 100 companies have received emails from a group calling itself the Armada Collective demanding between 10 and 50 Bitcoins in exchange for not being attacked, and warning that the price will rise if they don't pony up the funds. We're told no websites were actually flood offline by the collective – because everyone paid up, just in case.

"Our attacks are extremely powerful – sometimes over 1Tbps per second. And we pass CloudFlare and others' remote protections! So, no cheap protection will help," the email warns.

Some sleuthing showed that the extortionists are reusing the same Bitcoin wallet for all emails, making it tricky for the crims to check exactly who has paid and who hasn't. This prompted CloudFlare to do some digging.

"Our conclusion was a bit of a surprise: we've been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack," said Matthew Prince, CEO of CloudFlare.

"In fact, because the extortion emails reuse Bitcoin addresses, there's no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments."

Prince said that he had checked with other DDoS mitigation businesses and none of them have seen any attacks against companies that have received the collective's demands.

"While the actual members of the original Armada Collective appear locked up in a European jail, with little more than some Bitcoin addresses and an email account, some enterprising individuals are drafting off the group's original name, sowing fear, and collecting hundreds of thousands of extorted dollars," he said.

There are groups out there performing actual attacks if they don't get a ransom, he said, but this isn't one of them. So if you get an email from the Armada Collective, there's no reason to pay up. ®

Sponsored: Technical Overview: Exasol Peek Under the Hood

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2019