Extortionists Demand Ransom In 'Empty' DDoS Threats

Gang of cybercriminals calling itself the Armada Collective threatens online businesses in return for Bitcoins.

Dark Reading Staff, Dark Reading

April 26, 2016

1 Min Read
Dark Reading logo in a gray background | Dark Reading

An extortionist hacker group calling itself Armada Collective is sending e-mail threats to organizations demanding money or they will wage distributed denial-of-service (DDoS) attacks against them -- but the DDoS threats apparently are a ruse.

CloudFlare discovered some 100 organizations who were threatened with a "protection fee" with payment to be made in Bitcoins ranging from 10- to 50, about $4,600 to $23,000. Thus far, the group, which goes by the name of a former DDoS gang, has collected hundreds of thousands of dollars, without even carrying out one DDoS attack.

The email campaign warns the recipient to pay up or face powerful DDoS attacks of "sometimes over 1 Tbps per second." It even goes on to claim that the attacks will bypass CloudFlare and other protection providers. 

"Our conclusion was a bit of a surprise: we've been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack. In fact, because the extortion emails reuse Bitcoin addresses, there's no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments," wrote Matthew Prince, CEO of CloudFlare in a blog post.

The same company is sometimes sent the identical threat mail over and over again even if it has paid the extortion fee. There is also no correlation between the size of the victim organization and the sum demanded from it, according to CloudFlare.

Read more about the extortion scheme on the CloudFlare Blog

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights