Otto
The British currency company Travelex refused to pay the ransom and was subjected to a DDoS attack.
Companies around the world receive ransom emails and threats to unleash DDoS attacks on their computer networks if the money is not paid. In particular, such a letter was also received by the British currency company Travelex.
According to specialists from the information security company Radware, several companies received such threatening letters in mid-August. The extortionists demanded 20 bitcoins (about $230 thousand), to be paid within a week, and threatened to unleash a DDoS attack on the companies' computer networks otherwise. In addition, they promised to increase the ransom amount by 10 bitcoins for each day of non-payment.
The distribution of extortion letters peaked in August, and in the first half of September their number began to decrease. Nevertheless, in late September to early October, the number of extortion letters began to grow again.
The attackers impersonate well-known APT groups such as Fancy Bear, Armada Collective, and Lazarus. Attackers decide which APT to impersonate depending on which organization they are attacking. If the target is a financial institution, the extortionists call themselves Lazarus (as was the case with Travelex), and if the attack is aimed at a technology or industrial enterprise, then Fancy Bear.
As reported by Intel471 specialists, Travelex received the extortion letter. The attackers demanded 20 bitcoins from the company. Judging by the bitcoin wallet to which the victim was supposed to transfer the money, Travelex did not pay the ransom.
According to the researchers, some time after the company received the email, a powerful attack hit a configurable port on four IP addresses serving subdomains on its network. Two days later, the attackers launched another attack on Travelex, using DNS amplification via Google's DNS servers.