It has come to our attention that an up-and-coming cybercriminal group, Phantom Squad, has been running an email-based extortion campaign against thousands of businesses globally, threatening to flood their websites with a distributed denial of service (DDoS) attack on Sept. 30 if they do not pay a ransom of 0.2 bitcoins.
Phantom Squad is a hacker group known to carry out DDoS attacks against gaming networks such as Xbox Live, Steam and PlayStation Network. However, in a blog post on Thursday, the security firm Radware questioned whether this latest threat is actually the work of a copycat, and expressed doubt that the extortionists can pull off an attack against so many targets.
“Due to the number of victims in this campaign and low ransom demand, it’s unlikely that this group posing as Phantom Squad will follow through on their threats,” the blog post states, also noting that attacking thousands of non-paying companies at once would require major resources.
Another clue that the threat may be a bluff is that the extortionists have not launched any “demo attacks” to prove that they are capable of causing mass disruption, Radware points out.
Since 2017-09-19, at least 4 people have tweeted about the same type of emails, supposedly from Phantom Squad.
Victims should report extortion attempts to authorities
Japan CERT has issued a security alert advising companies to handle the fake demands by reporting the emails to authorities.
Today, security researcher Brad Duncan also published an alert on the ISC SANS forums, letting other sysadmins and security researchers know not to believe the ransom threats.