Armada Collective demands ransom from Greek banks

A hacking group dubbing itself the Armada Collective has claimed responsibility for striking three Greek banks with distributed denial of service (DDoS) attacks and has threatened to continue to do so unless paid a ransom.

According to published reports, the hackers managed to block service to the banks on Nov. 26, but did not break into the financial institutions' networks, and no personal information was compromised. The amount demanded was not released and the banks have brought in law enforcement.

Akamai said in a blog post last month that it considers Armada a “credible source of attacks going forward. Organizations should take the threat seriously.” The security firm believes Armada is emulating the hacker group DD4BC, to the point where it was at first assumed that Armada was merely DD4BC operating under a new moniker.

Dave Lewis, security advocate at Akamai, called Armada a fairly new group that is not yet in the same league when it comes to generating DDoS attacks as DD4BC, but added the gang is honing its skills and it is only a matter of time before it is able to increase its capabilities.

Industry analysts believe these attacks can be expected to continue and that, while DDoS attacks can be dangerous, there are ways organizations can protect themselves with added security.

"These attacks now disproportionately affect organizations that cannot or have not deployed DDoS mitigation solutions, which are by and large effective against most of these attacks," Ryan Kalember, senior vice president of Cybersecurity Strategy at Proofpoint, said to SCMagazine Tuesday in an email.

There is also a strong possibility that these DDoS attacks are not being conducted by dedicated hackers, but by traditional blackmailers who are dabbling in cyberspace.

“We suggest that the members of the group are more likely to be professional extortionists and money launderers than professional DDoS-attackers. Judging by what we've seen when analyzing its attacks, the group doesn't have access to significant resources for DDoS,” Ruslan Stoyanov, Kaspersky Labs director of the computer incidents investigation department, said in an email Tuesday.

Stoyanov agreed with Akamai's assessment that the group is a serious problem, even though it is likely still small compared to other cybergangs.

“It's not a big or professional group, but its members have not yet been caught. That's why we expect these attacks to continue and urge companies to prepare their network infrastructure. It is a much better option than paying a ransom, because if you pay once, they will most certainly come back for more,” he said.

The attack on the Greek banks was not Armada's first attempt at extortion. The group also claimed to have conducted a DDoS attack last month on the email provider ProtonMail, with that company paying a ransom of 15 bitcoins, or about $6,000. However, ProtonMail reported the attacks continued.

Lewis and Stoyanov said for this reason it is foolish to pay because there is no guarantee the problem will go away.
