Using emails threatening to launch DDoS attacks, a group of cybercriminals called the Armada Collective extorted hundreds of thousands of dollars from a wide range of businesses, according to a new investigation by CloudFlare.
The "protection fee" demanded Bitcoin payments ranging between $4,600 to $23,000, but because Bitcoin is anonymous, the attackers could not know who paid. Regardless, the threats were empty. CloudFlare's study found no instances of the group actually launching attacks.
However, many of those targeted did pay the extortion fee. A security analyst who examined the criminal group's Bitcoin addresses found $100,000-plus had been received by the attackers.
An earlier iteration of this group did carry out DDoS attacks in the range of 60Gbps in extortion campaigns in 2014, but alleged members were arrested in January 2016 in a Europol sweep dubbed Operation Pleiades.