Phantom Squad DDoS Extortion Group Sends Threatening Ransom Demand to Thousands of Companies

Phantom Squad DDoS Extortion Group Sends Threatening Ransom Demand to Thousands of Companies

It has come to our attention that Upcoming cyber criminal group, Phantom Squad has been actively sending out an email-based extortion campaign against

Last updated on May 16th, 2018 at 11:13 am

It has come to our attention that Upcoming cyber criminal group, Phantom Squad has been actively sending out an email-based extortion campaign against thousands of businesses globally, threatening to flood their websites with a distributed denial of service (DDoS) attack on Sept. 30 if they do not pay a ransom of 0.2 bitcoins.

Phantom Squad is a hacker group known to carry out DDoS attacks against gaming networks such as Xbox Live, Steam and PlayStation Network. However, in a blog post on Thursday, the security firm Radware questioned if this latest threat is actually the work of a copycat, and expressed doubt that the extortionists can actually pull off an attack against so many targets.

“Due to the number of victims in this campaign and low ransom demand, it’s unlikely that this group posing as Phantom Squad will follow through on their threats,” the blog post states, also noting that attacking thousands of non-paying companies at once would require major resources.

Another clue that the threat may be a bluff is that the extortionists have not launched any “demo attacks” to prove that they are capable of causing mass disruption, Radware points out.

 

e-Mail Message From DD0S Extortionist

Date: Tuesday 2017-09-19 at 18:04 UTC
Subject: DDoS Warning
From: <uid101080@web.websupport.sk.>
Message-Id: <1505844251.007448.31360.nullmailer@me>

Hello, [removed]

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Phantom Squad

Your network will be DDoS-ed starting Sept 30st 2017 if you don’t pay protection fee – 0.2 Bitcoin @ [removed].

If you don’t pay by Sept 30st 2017, attack will start, yours service going down permanently price to stop will increase to 20 BTC and will go up 10 BTC for every day of attack.

This is not a joke.

 

 

Since 2017-09-19, at least 4 people have tweeted about the same type of emails, supposedly from Phantom Squad:

Victims should report extortion attempts to authorities

Japan CERT has issued a security alert informing companies how to handle the fake demands by reporting the emails to authorities.

Today, security researcher Brad Duncan also published an alert on the ISC SANS forums, letting other sysadmins and security researchers know not to believe the ransom threats.

COMMENTS

DISQUS: 0