A hacker group claiming to be the Armada Collective hacker group demanded 10.08 bitcoins from BlackVPN, a VPN service provider, by Monday, saying it would otherwise launch DDoS attacks and raise the price every day of non-payment, according to Yahoo. So far, BlackVPN has not paid.
Armada Collective is the name of the group that blackmailed Protonmail last year for $6,000.
BlackVPN’s website was operating Tuesday.
It is not known if the attackers are the same as the ones that blackmailed Protonmail or simply using their name. Hacker groups often imitate one another.
“Bitcoin is anonymous, nobody will ever know you cooperated,” the threatening email said.
BlackVPN said it had been preparing for the attack since receiving the threat a week earlier. On Saturday, April 16, the company said a small DDoS attack disrupted its network, but there were no intrusions.
BlackVPN Assures Customers
BlackVPN told customers the threat was only against its systems and would not threaten customer security or privacy. It said the worst case scenario would be that its service and support systems would be unavailable during an attack.
BlackVPN noted two other VPN providers that it did not name received similar threats.
The company said it hoped its transparency would encourage other VPN providers to be forthcoming if they receive such a threat.
Cloak, another VPN service, last week received a similar email that demanded around 10 BTC. Cloak also denied the extortion and did not suffer any significant downtime.
One Service Provider Pays
The hacker group has allegedly succeeded in some cases. SCRYPT mail, an encrypted email provider, paid the hacker group a 10.12 BTC ransom last weekend in response to similar threats.
Copycats imitating the Armada Collective hacking group have made more than $100,000 from empty DDoS threats against companies worldwide, according to Softpedia.
CloudFlare, a company that protects and accelerates websites, reported that someone has been using the Armada Collective name in ransom emails since March. CloudFlare said companies that did not pay the ransom did not suffer attacks.
CloudFlare reported that more than 100 companies contacted them about DDoS protection service.
The copycat group only uses one bitcoin wallet address to receive payments.
Chainalysis claimed the copycat group received more than $100,000 worth of bitcoin.
The copycat group asks for sums between 10 and 50 BTC.
Also read: Cyber criminal group DD4BC strikes Hong Kong bank websites
New Name For DD4BC?
Armada Collective is believed to be an alternative name for DD4BC, a group that emerged last year that threatens DDoS attacks.
In January, Europol began to investigate Armada Collective. Activity subsided following arrests in January of suspects in Bosnia and Herzegovina.
Featured image from Shutterstock.