A group of cybercriminals going by the name Phantom Squad have been threatening thousands of companies across the globe with DDoS attacks, demanding a ransom to be paid if the firms don't want to become victims of attacks. The DDoS ransom (RDoS) campaign appears to have started on 19 September.
The Phantom Squad hackers have threatened targeted firms with DDoS attacks on 30 September, if the demanded ransom is not paid by then. The hackers are demanding a ransom of 0.2 bitcoins ($734, £543).
The RDoS campaign was first spotted by security researcher Derrick Farmer, Bleeping Computer reported. According to security researchers at Radware, the Phantom Squad hackers have targeted companies across Asia, Europe and the US. The hackers have also been noticed targeting the education, manufacturing and technology sectors.
"Due to the number of victims in this campaign and low ransom demand, it's unlikely that this group posing as Phantom Squad will follow through on their threats. To date, no sample attacks have been reported against targeted networks. Furthermore, to launch a series of denial-of-service attacks of this scale, the group will require vast resources. Therefore, when a group sends dozens of extortion letters, they typically will not follow through with a cyber-attack. Companies should be advised to not pay the ransom demands," Radware's emergency response team said in an alert.
Japan's CERT has also issued an alert regarding the RDoS campaign. The alert stated that email sent out by the Phantom Squad is similar to the ones sent out previously by another hacker group called the Armada Collective, who in 2016 launched numerous RDoS campaigns.
"RDoS campaigns can be financially rewarding to a cyber-criminal who enjoys making large amounts of money for little to no investment. Because of this, many hacking groups now imitate this modus operandi and spam similar ransom threats using other group names, with no intention of launching an attack. In 2016, many opportunists emerged using infamous names like the Armada Collective, Anonymous and Lizard Squad to spread fear and gain credibility for their threats. This year, Radware has witnessed groups pretending to be Fancy Bear, Armada Collective, Anonymous and Phantom Squad," Radware security experts said.
It is still unclear as to how many companies have received the Phantom Squad's threatening letter and whether any firms have already paid. When faced with such threats, security experts recommend not paying the ransom and instead, boosting DDoS protections by seeking out assistance from professionals to help protect against RDoS attacks.
"Many hackers are motivated by the potential for financial gain and the ease at which such attacks can be performed. Indeed, extortion is one of the oldest tricks in the criminal's book, and one of the easiest ways for today's hackers to turn a profit," Stephanie Weagle, VP at Corero Network Security told IBTimes UK. "Unfortunately, when even one, high-profile victim chooses to engage with attackers by paying a ransom, we tend to see an increase in these types of attacks."