Extortionists Demand Ransom In 'Empty' DDoS Threats

An extortionist hacker group calling itself Armada Collective is sending e-mail threats to organizations demanding money or they will wage distributed denial-of-service (DDoS) attacks against them -- but the DDoS threats apparently are a ruse.

CloudFlare discovered some 100 organizations who were threatened with a "protection fee" with payment to be made in Bitcoins ranging from 10- to 50, about $4,600 to $23,000. Thus far, the group, which goes by the name of a former DDoS gang, has collected hundreds of thousands of dollars, without even carrying out one DDoS attack.

The email campaign warns the recipient to pay up or face powerful DDoS attacks of "sometimes over 1 Tbps per second." It even goes on to claim that the attacks will bypass CloudFlare and other protection providers. 

"Our conclusion was a bit of a surprise: we've been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack. In fact, because the extortion emails reuse Bitcoin addresses, there's no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments," wrote Matthew Prince, CEO of CloudFlare in a blog post.

The same company is sometimes sent the identical threat mail over and over again even if it has paid the extortion fee. There is also no correlation between the size of the victim organization and the sum demanded from it, according to CloudFlare.

Read more about the extortion scheme on the CloudFlare Blog.