The FBI warns US companies that thousands of organizations around the world are under threat of DDoS attacks within six days if they refuse to pay the ransom demanded in Bitcoin. Among the hacking groups behind this ransom DDoS (RDDoS or RDoS) campaign, which started on 12 August 2020 and is still ongoing, are Fancy Bear, Cozy Bear, Lazarus Group and Armada Collective, names that also appear in the ransom notes sent to the targeted organizations.
In Flash notification MU-000132-DD, distributed to US companies last week, the US intelligence service adds that the criminal gang is currently targeting organizations active in trade, the economy, travel and e-commerce.
While the FBI did not provide any information on the areas targeted by the hackers in this campaign, the Israeli cybersecurity company Radware, which also issued a notice about these attacks yesterday, noted that it received reports of attacks from entities in North America, Asia-Pacific, Europe, the Middle East and Africa. Furthermore, the ransom demanded by the hackers from victims ranges between 10 BTC (approximately $113,000) and 20 BTC (approximately $226,000). The ransom notes also state that the DDoS attacks will reach 2 Tbps if companies fail to find the money and pay the ransom, with the ransom fee increasing by 10 BTC for each missed deadline from the beginning of the attacks.
The American cloud security company Akamai pointed out in its report that the ransom notes are similar to those sent during an RDoS campaign from November 2019, as well as one from 2017, according to the FBI notice. In addition, the FBI notes that many organizations affected by this RDoS campaign reported small-scale demonstration attacks after receiving the notes, but in most cases the attackers did not follow through with DDoS activity after the six-day deadline. However, many organizations have reported that their businesses were affected by attacks that could not be mitigated.
Akamai noted that these attacks peak at a maximum of 200 Gb/sec, using ARMS, DNS Flood, GRE Protocol Flood, SNMP Flood, SYN Flood and WSDiscovery Flood attacks as their main vectors. The FBI also advised US companies that received ransom notes from the criminal gang not to pay the ransom, as accepting the hackers' requests would directly fund their future operations and encourage them to target other potential victims.
Targeted companies are also required to report to the FBI any DDoS attacks that affect them, to provide information that could help prevent attacks against other targets and identify those responsible. At the same time, the FBI recommends that US agencies use DDoS mitigation services to detect and block these attacks before their networks are affected. Finally, organizations are encouraged to work with their ISP to facilitate network traffic monitoring and block it in the event of a DDoS attack.