Posted on September 25, 2017 at 6:42 PM
The Phantom Squad has been threatening companies around the world with a severe DDoS attack and demanding a ransom.
Thousands of companies worldwide have recently received threats from a group of cybercriminals. The group, which goes by the name of the Phantom Squad, has been threatening companies with DDoS attacks and demanding ransom.
The ransom DDoS (RDoS) campaign has been active since 19 September.
According to threatened firms, the DDoS attacks are scheduled to take place on 30 September if they fail to pay the ransom. The Phantom Squad has demanded a ransom of 0.2 bitcoins (the equivalent of $734).
A security researcher, Derrick Farmer, first noticed the campaign. The RDoS campaign has targeted companies and corporations from all over Asia, Europe, and the United States. Notably, Phantom Squad has mostly targeted businesses in the education, manufacturing, and technology sectors.
Many security experts have speculated that the Phantom Squad might not even go through with the attack. Considering the number of victims in addition to the relatively low ransom, the Phantom Squad does not pose a serious threat to targeted companies.
Another reason why security experts are skeptical is the sheer amount of resources required to carry out an attack of this nature. History has also shown that hackers who send out dozens of extortion letters generally do not follow through with an actual attack. So far, companies have been advised to ignore the ransom demands.
Japan’s CERT issued warnings of the same kind. According to the CERT alert, the email sent by the Phantom Squad was similar to a previous hacking attempt by a group called the Armada Collective. This group also threatened companies with RDoS attacks in 2016.
RDoS campaigns are particularly lucrative to hackers as they require minimal capital input or investment and can reap large sums of money. This has therefore become a popular technique for many hacking groups. However, many hacking groups send out a vast number of emails containing nothing but empty threats: they have no intention of launching an attack and simply hope that the company believes their bluff. Other groups besides the Phantom Squad and the Armada Collective have attempted this, such as Anonymous and Lizard Squad. This year alone, a security company, Radware, has seen many groups trying to imitate these groups.
The number of companies threatened, as well as the number that have paid the ransom, is still unknown. In cases like this, security experts generally advise companies not to comply with the ransom demand but rather to boost DDoS protection by employing cybersecurity experts to tighten the protection against any RDoS attacks.
According to Stephanie Weagle, VP of Corero Network Security, hackers are most attracted to this mode of hacking purely because of the financial rewards as well as the simplicity of the attack. She has also warned companies not to pay the ransom. If larger companies start agreeing to pay the ransom, we are likely to see a rise in the frequency and severity of these attacks.