The Fancy Lazarus distributed denial-of-service extortion group has been delivering threatening emails to organizations in the manufacturing, energy, insurance, financial, public utility and retail sectors, most of which are in the U.S., according to a Proofpoint study reported by Threatpost
. Proofpoint said that the emails threaten the companies regarding a DDoS attack if they choose not to pay a starting ransom of two Bitcoin, which is equivalent to nearly $75,000.
The campaign "could be an attempt to ride the coattails of high-profile news stories and result in a higher likelihood of payment. Another trend we have seen over the past four months are a focus on sending these threats to financial institutions and large insurance providers," said Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.
Proofpoint's analysis showed that the threatening emails are being sent by Fancy Lazarus to knowledgeable individuals within the targeted organizations.
"The emailed individuals also work in areas such as communications, external relations, investor relations. Additionally, extortion emails are often sent to email aliases such as help desk, abuse, administrative contacts or customer service," said Proofpoint.