UK cyber security consultancy, Nettitude, has identified a coordinated DDoS extortion and ransomware campaign, which has been targeting financial institutions over the past few days.
Senior managers at the affected organisations received emails purporting to be from the Armada Collective, threatening DDoS attacks and demanding Bitcoin payments. The companies were also threatened with the powerful Cerber ransomware, should they fail to pay the initial ransom.
Phillip Buck, senior threat intelligence analyst at Nettitude, has made the following comments:
“The current advice is that extortion payments should not be paid. Threat actors such as Armada Collective often adopt a scattergun approach, distributing emails to a number of targets in the hope that at least one is successful. It is wise for companies to actively stress test their DDoS mitigation procedures, ensuring that a comprehensive plan is supported by comprehensive security awareness training, to reduce the impact of a DDoS attack and ransomware infection. Organisations should remain vigilant; email correspondence and attachments must be treated with caution, and with these types of attacks on the rise, having a disaster recovery plan in place really is a must for all organisations.”