One of our institutions received the following threatening email. Research attributed no attacks (only threats) to this group. The SANReN CSIRT assisted by providing a quick vulnerability assessment and advised patching one public-facing system with a significant vulnerability. No further actions or incidents were reported.
Subject: “EXS” Armada-Collective Invoice “EXS”

We are a HACKER TEAM – Armada Collective

1 – We have checked your information security systems, setup is poor; the systems are very vulnerable and obsolete.
2 – We’ll begin attack on Tuesday 06-09-2016 8:00 p.m.!!!!!
3 – We’ll execute some targeted attacks and check your DDoS servers by the 10-300 Gbps attack power
4 – We’ll run a security breach test of your servers through the determined vulnerability, and we’ll gain the access to your databases.
5 – All the computers on your network will be attacked for Cerber – Crypto-Ransomware
6 – You can stop the attack beginning, if payment 1 bitcoin to bitcoin ADDRESS: ####removed####
7 – If you do not pay before the attack 1 bitcoin, the price will increase to 20 bitcoins
8 – You have time to decide! Transfer 1 bitcoin to ADDRESS: ####removed####
These kinds of emails are reportedly attempts to extort money from targeted institutions by coercion. Authoritative news articles indicate that these threats from “Armada Collective” are not carried out, irrespective of whether the money is paid or not [1].
- Do not pay.
- Follow the advice on mitigating DDoS attacks as a precaution.
- Please forward the email to our team for further analysis and advice.
- Contact us for a vulnerability assessment.