For the last few days, senior managers at various financial institutions such as banks have received an email from a group purporting to be the Armada Collective. The email, sent from the email address oscarcanadas@infovia.com.ar, was titled “EXS” Attack!!! “EXS” and explained that unless a payment of 1 BTC was made prior to a specific given date and time, a 10-300 Gbps Distributed Denial of Service (DDoS) attack would be directed at the company. In addition to the DDoS attack, all computers on the network would be attacked with Cerber Ransomware.
Nettitude has identified two further extortion campaigns during the course of its investigation. The threat actors appear to be employing a scattergun approach, playing the numbers game, on the off chance that a victim pays
the ransom.
Armada Collective
The Armada Collective is an online threat actor that uses the threat of DDoS attacks to extort Bitcoin payments from their targets1. They first appeared in September 2015 when they attempted to extort money from Swiss hosting providers. From there, Armada Collective targeted email and domain services, a gambling website, financial institutions and a datacentre between September and mid-December 2015. Nothing was heard from the group until 11th March 2016, when emails were sent to multiple Swiss financial institutions demanding a ransom payment. Interestingly, these threats were not accompanied by a “demonstration” DDoS attack.
[To read the remainder of the report, please fill out the form to get your free copy]