A famous domestic company was blackmailed by hackers and needed 20 bitcoins to settle it

It doesn't seem to make sense to do extortion business during the harmonious Thanksgiving period, but bad guys never reason with you.

Today's bad guys are the Armada Collective. Apparently, this pirate-like hacker group got its name from the Spanish Armada. They do things like pirates, with cruel methods, clear goals, and simple logic: DDoS attacks + extortion.

The specific steps are as follows:

1. Choose a company, usually a stable Internet service provider

2. Send a "congratulatory" email, telling the other party that a DDoS attack is about to be launched and that they must pay money if they want to avoid the disaster.

3. Launch an attack for 15 minutes and flex your muscles. Let the other party know that I am serious.

4. If the other party refuses to pay, launch continuous attacks until you receive the money.

Ransom note from the Invincible Armada

If you want to avoid disaster, the Invincible Fleet will only charge you 20 yuan. What a bargain! Thai baht or Zimbabwe dollar? Unfortunately, it is the most valuable currency in the world - Bitcoin... According to the current exchange rate, 20 Bitcoins are equivalent to less than 40,000 RMB.

The key problem is that if you don't pay the ransom in time, the ransom will increase by 20 bitcoins per day. If you pay one day late, you will have to pay 40, and if you pay another day late, you will have to pay 60. If you delay for a year or two, the amount will be astronomical, and even Bill Gates can't afford it.

The reporter of Leifeng.com used shaking hands to press the calculator. Even if Bill Gates has a fortune of 80 billion US dollars, if he fails to pay the ransom, he can survive for... 40,000 years. OK, Gates, you win.

Bill Gates: Blame me

In fact, this extortion model is quite old. It can be said that DDoS extortion has existed since the days of dogs. However, with the rise of cloud computing, a large amount of resources are readily available, which has caused the cost of DDoS attacks to drop drastically. At the same time, people's requirements for the reliability of Internet services are constantly increasing, which has made the destructive power of DDoS attacks increasingly greater. Therefore, this extortion method with less high-tech content has become popular again. To use poetic language, it is like a resurgence of the old dregs.

In the past two days, the Invincible Fleet has been "going out to sea" frequently, and major financial institutions and Internet service providers around the world have been accidentally "bitten".

ProtonMail is a Swiss confidential email service provider. How confidential are their emails? Well, they are the "official designated" partner of the terrorist ISIS. Not long ago, ProtonMail received a threatening letter from the Invincible Fleet: If you don't pay, we will fight you to death, with a maximum traffic attack of 1T, just wait.

ProtonMail had heard the slogans of the Invincible Fleet and was extremely nervous. However, after consulting with several security experts, they got the advice: don’t pay them and see what they will do. However, when the Invincible Fleet paralyzed its servers within a day and directly brought down the company’s two data centers and ISP, hundreds of companies were affected. This company, which was not afraid of even terrorists, could not stand it anymore and urgently consulted several security experts. This time, the security experts gave the advice: pay up quickly! Give as much as you want!

After 20 bitcoins were urgently transferred to the designated account of the Invincible Fleet, something even more tragic happened - the attack became more intense. In the following two days, not only were the servers completely destroyed, but even the data center was severely damaged.

What is impressive is that on the third day, ProtonMail realized that the new attack did not come from the Invincible Fleet, but from a hacker group with government background. This group did not contact ProtonMail. Now, ProtonMail, which was ready to pay with a lot of Bitcoin, found that it didn't know who to give the money to.

The second attack, which was clearly unethical, had a clear purpose, which was to cause ProtonMail to completely crash. Some analysts believe that this was related to ISIS's use of the email system for tethering. Seven days later, the attack finally weakened, and ProtonMail, which was already riddled with bullet holes and had a panic attack, was finally able to breathe.

When extortion meets counter-terrorism, ProtonMail suddenly feels unlucky. Putting aside this episode, most hacker extortion organizations like the Invincible Armada are still very "professional". They spend money to avoid disaster, do not owe each other, and their methods are clean and neat.

The extortion industry is booming, so how could Chinese Internet companies, which are leading the world, be immune? Just last week, Wuyun issued a warning that a well-known Chinese Internet company received a ransom email.

Screenshot of ransom email received by Chinese companies

In the email, the arrogant hacker group said, "If you don't know me, go ask Google," and attached a link to a news report on their crimes. It must be said that the Invincible Fleet did a lot of research before entering the "Chinese market." In the email, they said:

You have many Bitcoin trading platforms in China, so it is very convenient to transfer money to us. Don't think I don't know.

If you don't know how to transfer money, just Google it. No, Baidu is better.

We will attack for 30 minutes to let you have a taste of our power. (Hey, didn't we agree on 15 minutes? Didn't you know that China is home to many wealthy people who even double the attack time?)

The chat content about asking Armada Collective about blackmail was exposed by the cloud

According to the exposed chat content, this unfortunate company has been attacked three times in a row and is actively looking for a solution. As for who this company is, Wuyun-related personnel said: I won’t tell you even if you kill me. It has been a whole week since I received the email. Did you feel any abnormality in logging into the website? Judging from various sources, there is no such thing. Therefore, some industry insiders analyzed that this company must be shouting, "Whoever offends the mighty Han will be punished even if he is far away! Isn’t it just a 1T traffic attack? How can our great Celestial Empire be controlled by the people and rich in the world? Tell me quickly, which account should the Bitcoin be transferred to?"

Of course, this is most likely done on the advice of security experts.

From Leifeng.com