NSA and Akamai have recently observed DDoS attacks targeting mainly the Financial Services and Retail sectors, and possibly customers in other industry verticals, in North America, EMEA, and APJ as part of an ongoing DDoS extortion campaign. The DDoS attacks are generally preceded by a ransom letter sent by email to the victim demanding payment in Bitcoin, followed by a “demonstration” DDoS attack with the promise of more and larger attacks if the ransom is not paid by a certain date. The tactics, techniques, and procedures (TTPs) observed in this campaign initially appear very similar to those of the last major DDoS extortion campaign Akamai witnessed in November 2019.
Akamai’s Security Incident Response Team (SIRT) recently published a blog post with more information about the ransom letters some customers received. Some email subjects for the ransom letters were “DDoS Attack” and “DDoS Attack on your network.” Note that the ransom letters appear very similar to the ransom letters from the November 2019 campaign mentioned above. DDoS extortion campaigns that may impersonate high-profile threat actors are not new, and previous bulletins have been distributed on this topic.
If your organization receives a ransom letter, do not panic. NSA and Akamai can help.
If you’d like to set up time for an overview of the threat, to talk through your security goals, and to discuss how NSA and Akamai can help, please reach out to Brian P. Weaver, our VP of Sales. You can call him directly at 716-710-2940 or email him here.