DDoS Extortion Group Resurfaces Amidst Bitcoin’s Price Hike

The unprecedented rise of Bitcoin and other cryptocurrencies has attracted several players to the industry. However, while institutional and retail investors have flooded the market, it has also attracted threat actors.

Between the last week of December and the first week of January 2021, customers of cybersecurity provider Radware received threats from a global ransomware DDoS group.

The group initially launched attacks on the customers in August last year, before going under the radar. However, the threat emails it has sent to organizations suggest that it has resurfaced.

“We were busy working on more profitable projects, but now we are back,” the threat email reads.

When the ransom letters were analyzed, it was revealed that the same threat actors responsible for the August attack are behind these threat emails as well.

However, the companies that received the new threat messages have not responded or paid the ransom to the ransomware gangs, according to reports.

The organizations are also not known to the media, so only the ransomware group would know them.

Radware revealed that the initiators of the threat messages are the same group that launched ransomware campaigns on organizations last year.

Between December and January, the threat actors sent extortion letters to five Radware customers. They threatened the organizations and asked for five Bitcoin (valued at about $200,000) as ransom, warning that they would otherwise face a cyber attack.

“We asked for 10 bitcoin to be paid at to avoid getting your whole network DDoSed,” the ransomware gang threatened.

The threat actors say they are supposedly representing notorious ransomware gangs Armada Collective, Lazarus Group, and Fancy Bear.

During the first ransomware campaign of the group last year, they infiltrated several companies, including Magyar Telekom, OTP Bank, the New Zealand Exchange, and many other organizations.

Before the attack, the FBI released an advisory, warning the organizations about the imminent attack and giving them directives on what to do.

At the time, Pascal Geenens, Director of threat intelligence at Radware, reported that four of the company’s customers were targeted by DDoS attacks. He added that the DDoS attacks were very advanced, with the heaviest running at over 230 gigabits per second and lasting about 10 hours.

However, the targeted organizations were not seriously affected, as they didn’t suffer any network issues or downtimes. That’s because they immediately redirected their traffic to a Radware scrubbing center.

The gang further stated that it has been a long time since it received funds from the organization, and warned that the organization cannot mitigate the pending attack if it refuses to comply with the ransom demand.

Bitcoin has surged to unprecedented levels within the past few weeks. The top cryptocurrency has a very attractive price tag, and it seems threat actors want to partake in the windfall. The decentralized nature of Bitcoin and other cryptocurrencies makes them a safe haven for cybercriminals and threat actors. It’s very difficult to trace them through their Bitcoin receiving wallet, unlike fiat currency accounts.

As a result, the ransomware gangs keep threatening organizations to send them funds via their Bitcoin address, since it’s untraceable.

The DDoS extortion campaign began last year when a single Bitcoin was still valued at around $10,000. The cryptocurrency reached an enviable height of $40,000 earlier this year, although as of press time, it has dropped to $30,000. This is still considerably high, considering its price less than 6 months ago.

The threat actors even cited this fact in their threat email, which shows how Bitcoin’s price has impacted the level of cyber threat organizations are currently facing.

Security organizations noted that the fast rise in Bitcoin’s price also caught the threat groups by surprise, as they have now reduced their ransomware demands by up to 50%. This particular group demanded a ransom of 10 BTC the last time, but it has slashed the demand to 5 BTC due to the increase in the coin’s price.

Geenens said the attackers hardly attack a single organization twice. But one of the possible reasons could be the high rise of Bitcoin. They may be taking advantage of Bitcoin’s volatile market to sell their extorted funds and make more money while Bitcoin’s price is still high.