18. 11. 2020
Tomáš Sekera

Attackers are extorting Czech companies and threatening them with DDoS attacks

We are currently seeing an increase in threatening e-mails demanding payment in bitcoin. Specific e-mails that attackers sent to Czech companies (note: we have anonymized the names and IP addresses) are reproduced below.

How does it work?

Groups such as Venomous Bear or Armada Collective notify you by e-mail that they have picked your company as a target. If you do not pay the demanded ransom, they will launch a massive DDoS attack. In some cases the attackers also carried out the promised "demo" of such an attack.

How should you respond to this threat?

  1. Do not pay the ransom, and prepare.
  2. Implement DDoS protection or use it as a service; FlowGuard is the solution.
  3. Get more information about your protection options in "How to Survive DDoS Attacks" and decide which path to take.

Threat 1

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE
DECISION!

We are Armada Collective and we have chosen [company name] as target for our next DDoS attack.

Your whole network will be DDoS-ed starting next Thursday if you don’t pay 1 Bitcoin @ [bitcoin wallet number]

When we say your network, we have your IP ranges, so we will be targeting you directly and no protection will help. And our attacks are very powerful (peak at 2 Gpbs).

As proof right now we will start 10-15 minutes amplification attack on xxx.xxx.xxx.xxx with 5 of our 117 servers, so do the math. We are just making a short time small demonstration, because we don’t want cause you any damage at this moment. Check your logs!

But if you don’t pay by Thursday, long-term attack will start, price to stop will increase to 2 BTC and will go up 1 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful – peak over 2 Tbps per second. So, no cheap protection will help. We are not sure if it is enough to completely shut down your network, but we will surely cause you large damage, both to you and your users.

You do the calculation.

Prevent it all with just one Bitcoin!

Do not reply, we will probably not read. Pay and we will know its you.

AND YOU WILL NEVER AGAIN HEAR FROM US!

Nobody will ever know you cooperated.

Threat 2

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO
MAKE IMPORTANT DECISIONS!

==========================================

We are the Venomous Bear and we have chosen your company as target for our next DDoS attack. Please perform a google search for "Venomous Bear" to have a look at some of our previous work.

Your network will be subject to a DDoS attack starting at 2020 November 2nd (Monday).

THIS IS NOT A JOKE, and to prove it right now we will start a small attack on www.xxxxxx.cz that will last for 30 minutes. It will not be heavy attack, at this moment.

What does this mean?

This means that your website and other connected services will be unavailable for everyone. Please also note that this will severely damage your reputation amongst your users / customers.

How to stop this?

We are willing to refrain from attacking your servers for a small fee.

The current fee is $1100(USD) in bitcoins (BTC). The fee will increase by 1000 USD for each day after 2020 November 2nd that has passed without payment.

Please send Bitcoin to the following Bitcoin address (cAsE-SeNsitIve):
[bitcoin wallet number]

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you coinmama.com or buy.coingate.com for buying bitcoins.

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment before the deadline (2020 November 2nd ) or the attack WILL start!

What if you don't pay?

If you decide not to pay, we will start the attack on the indicated date and uphold it until you do, there's no counter measure to this, you will only end up wasting more money trying to find a solution (Cloudflare, Sucuri, Imperva and similar services are useless, because we will hit your network directly).

We will completely destroy your reputation and make sure your services will remain offline until you pay. We will also download your database and do as much damage as possible.

Do not reply to this email, don't try to reason or negotiate, we will not read any replies.

Once you have paid we won't start the attack and you will never hear from us again.

Please note that Bitcoin is anonymous and no one will find out that you have complied.

– Venomous Bear team.
