A cybercriminal group identifying itself as Phantom Squad has launched an email-based extortion campaign against thousands of businesses, threatening to debilitate their websites with a distributed denial of service (DDoS) attack on Sept. 30 if they do not pay a ransom of .2 bitcoins.
Phantom Squad is a hacker group known to carry out DDoS attacks against gaming networks such as Steam, Xbox Live, and PlayStation Network. However, in a blog post on Thursday, the security firm Radware questioned if this latest threat is actually the work of a copycat, and expressed doubt that the extortionists can actually pull off an attack against so many targets.
“Due to the number of victims in this campaign and low ransom demand, it’s unlikely that this group posing as Phantom Squad will follow through on their threats,” the blog post states, also noting that attacking thousands of non-paying companies at once would require major resources.
Another clue that the threat may be a bluff is that the extortionists have not launched any “demo attacks” to prove that they are capable of causing mass disruption, Radware points out.
According to the blog post, the extortionists began spamming companies across Europe, Asia and the U.S. on Sept. 19, threatening businesses in such industries as manufacturing, technology, and education. To raise the stakes, the group warned recipients that once the DDoS attack starts, the price to stop it will sharply increase from .2 bitcoin (worth approximately $718 today) to 20 bitcoins (roughly $71,800 today), and then go up an additional 10 bitcoins each day.
BleepingComputer attributed the discovery of the spam emails to security researcher Derrick Farmer. “Don’t acknowledge these crappy extortion attempts,” Farmer says in one tweet. “Don’t reply to them and definitely don’t pay!”
In its blog post, Radware suggests that an actor unaffiliated with Phantom Squad may have stolen the group’s name in order to sound more credible. “[DDoS-for-ransom] campaigns can be financially rewarding to a cybercriminal who enjoys making large amounts of money for little to no investment,” Radware states. “Because of this, many hacking groups now imitate this modus operandi and spam similar ransom threats using other group names, with no intention of launching an attack.”
Still, not all threats are fake. Radware noted that with the rise of more powerful Internet of Things botnets, the company has observed an increase in DDoS-for-ransom threats in 2017.