Armada Collective, a group of online attackers, is demanding a ransom payment of $315,000 from South Korean banks – In the case of refusal, the group has threatened the banks with a series of massive Distributed Denial of Service (DDoS) attacks.
The threats came days after South Korean web hosting company NAYANA paid over $1 million to cyber criminals who held the company’s Linux-based servers for ransom for over a week after infecting them with Erebus ransomware.
The Yonhap News Agency has published a list of banks who received the threat from Armada Collective. These banks include KB Kookmin Bank, Woori Bank, Shinhan Bank, NH Bank, KEB Hana Bank and two other lenders.
It seems that Armada Collective is taking advantage of the vulnerable cyber infrastructure of South Korea and the fact that NAYANA paid a huge ransom to cyber criminals.
The list was published on 21st June while the final date to pay the ransom was 26th June. However, one day has passed and there have been no reports of any cyber attack on the banks mentioned above.
Armada Collective is the same group who conducted a series of non-stop DDoS attacks on the servers of encrypted email service provider ProtonMail. As a result, ProtonMail was forced to pay $6000 to the group as ransom.
Right after ProtonMail, the group targeted banks in Greece and demanded a huge ransom of 20,000 Bitcoins which was $7,210,000 in 2015 and about $49147000.00 at the time of publishing this article.
The group was also involved in targeting ISPs in Switzerland and some services like Hishmail and Runbox in the past.
However, in 2016, CloudFlare blogged about the group under the label of “Empty DDoS Threats: Meet the Armada Collective.” In their blog post, Matthew Prince of CloudFlare wrote that:
“We heard from more than 100 existing and prospective CloudFlare customers who had received the Armada Collective’s emailed threats. We’ve also compared notes with other DDoS mitigation vendors with customers that had received similar threats – Our conclusion was a bit of a surprise: we’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack.”
It is unclear how and why CloudFlare didn’t witness attacks from Armada Collective since all their previous attacks got a lot of attention in the press.