An “unknown international group” is threatening Australian and New Zealand businesses with crippling network and internet attacks unless they hand over a Bitcoin ransom.
New Zealand Internet Taskforce (NZITF) chair Barry Brailey warned the spammer’s email threats are “not idle”, with at least four Kiwi organisations and “a number” of Australian businesses targeted.
Australia’s Stay Smart Online says the group behind the threat typically sends emails, containing news articles about attacks the group has perpetrated, to several addresses within an organisation.
The emails often include the following statements.
Your site is going under attack unless you pay 25 Bitcoin.
We are aware that you probably don’t have 25 BTC at the moment, so we are giving you 24 hours.
IMPORTANT: You don’t even have to reply. Just pay 25 BTC to [bitcoin address] – we will know it’s you and you will never hear from us again.
The threatened “attack” is a Distributed Denial of Service (DDoS) attack, which floods a system with useless data, or requests for data, from several sources to overload the network and interrupt or suspend services.
The Bitcoin ransom is equivalent to around $5000, based on suggestions that the fluctuating online currency is valued at around $200 per coin.
Here’s what Stay Smart Online says businesses should do to stay safe.
Educate the staff in your organisation to be on the lookout for these emails and to advise the appropriate personnel if they receive one.
Report the incident to the Australian Cybercrime Online Reporting Network (ACORN).
You are advised to consider the consequences of paying to remove the threat. There are no guarantees your organisation will not be targeted again in future.