'Ransomware attacks that tear through corporate networks can bring
massive organizations to their knees. But even as these hacks reach
new popularity highs—and new ethical lows—among attackers, it's not
the only technique criminals are using to shake down corporate
victims. A new wave of attacks relies instead on digital
extortion—with a side of impersonation.
On Wednesday, the Web security firm Radware published extortion notes
that had been sent to a variety of companies around the world. In each
of them, the senders purport to be from the North Korean government
hackers Lazarus Group, or APT38, and Russian state-backed hackers
Fancy Bear, or APT28. The communications threaten that if the target
doesn’t send a set number of bitcoin—typically equivalent to tens or
even hundreds of thousands of dollars—the group will launch powerful
distributed denial of service attacks against the victim, walloping
the organization with a fire hose of junk traffic strategically
directed to knock it offline.
This type of digital extortion—give us what we’re asking for and we
won’t attack you—has resurfaced repeatedly throughout the last decade.
But in recent months, criminals have attempted to capitalize on fear
about high-profile nation-state attacks, combined with anxieties
related to rising ransomware attacks, to try to make some extra
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304