
warning DDoS Attack Blackmail Email


frank-germany

Hello, I received this email today.

What can I do?



We are Anonymous hackers group.
Your site xxxxx.com will be DDoS-ed starting in 24 hours if you don't
pay only 0.05 Bitcoins @ xxxxxxxxx

Users will not be able to access sites host with you at all.


If you don't pay in next 24 hours, attack will start, your service going down permanently.
Price to stop will increase to 1 BTC and will go up 1 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name,
instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - over 1 Tbps per second.
No cheap protection will help.

Prevent it all with just 0.05 BTC @ xxxxxxxxxxxxxx

Do not reply, we will not read. Pay and we will know its you.

AND YOU WILL NEVER AGAIN HEAR FROM US!
Bitcoin is anonymous, nobody will ever know you cooperated.
 
Wow..... I would say it is some skanky spammer trying his luck.

They sure as hell are not affiliated to The Anonymous Hackers Group...they are hacktivists and do not extort money from people...so these guys are probably bluffing. That's why they requested 0.05BTC....it's a small enough payment for someone to think.."why take the chance" might as well just pay them to be safe...

I think they're just trying their luck...

Just my 2 cents dude...I could be wrong of course.
 
I remember a dozen or so emails received a few years ago, exactly the same writing style. Not native English speakers, it seems. Forwarded emails to a parking company where the domains were parked, just in case... did not notice any downtime in 24 hours or later. It does not mean that DDoS cannot or will not happen today, as it is cheap to order it these days. In fact, targeting domainers with such emails makes little or no commercial sense even if they are ready to order DDoS attacks.
 
0.05? Give me a break. Call their bluff. I was previously a Director of an IT security company for 8 years; never heard of any serious hackers going through so much trouble for that minuscule amount of soup. In any event, any domainer running a small to medium size website should really consider CloudFlare (not affiliated). In addition, hackers emailing? Even through multiple VPNs, email headers can easily expose location IP routes unless they use an anonymous email service or hack other accounts to email; usually demands are inserted in code. Sounds like someone trying it on.
 
Pay and we will know its you.

If it is all anonymous then how would they know you are the one who paid? I don't do Bitcoin, so does it track by the number? Or unless they supposedly only target one person at a time?

Sorry you have to deal with this @frank-germany that would freak me out. If it were me, I would immediately contact my host and ask if there is anything they can do to take preventative measures against potential attack, and/or if they have heard of this before and they know it's a total scam.

Also see if you can report the spam to the registrar of the domain it is coming from if any of that is accurate.
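
Added example, not part of any post in this thread: before reporting an email like this to the network it came from, find the address that actually handed it to your own mail server, since every older `Received` line can be forged by the sender. The sketch runs on a constructed sample message, and the hostnames `mx.example.net` and `mailstore.example.net` are hypothetical stand-ins for your provider's receiving servers.

```python
import re
from email import message_from_string

# Constructed sample message (not the real email from the thread).
# mx.example.net / mailstore.example.net are assumed to be the recipient's
# own servers; all addresses are documentation ranges.
SAMPLE = """\
Received: from mx.example.net (localhost [127.0.0.1])
\tby mailstore.example.net with LMTP; Thu, 22 Jun 2017 21:00:05 +0000
Received: from smtp.sender.invalid (unknown [203.0.113.45])
\tby mx.example.net with ESMTP id 4F2A1; Thu, 22 Jun 2017 21:00:03 +0000
Received: from [10.1.2.3] (helo=fake-origin.invalid [198.51.100.7])
\tby smtp.sender.invalid; Thu, 22 Jun 2017 20:59:58 +0000
From: "Anonymous" <noreply@sender.invalid>
Subject: DDoS warning

body omitted
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def handoff_ip(raw_message, trusted_hosts):
    """Return the IP that delivered the message to the first trusted server.

    Received headers are prepended, so the newest comes first. Walk down
    while the 'by' host is one of ours; the first line written by a server
    we do not control, and everything older, is unverified and ignored.
    """
    msg = message_from_string(raw_message)
    result = None
    for header in msg.get_all("Received", []):
        flat = " ".join(header.split())          # unfold continuation lines
        by = BY_HOST.search(flat)
        if not by or by.group(1).lower() not in trusted_hosts:
            break                                # left the trusted chain
        from_part = flat.split(" by ", 1)[0]
        ips = [ip for ip in IP_IN_BRACKETS.findall(from_part)
               if not ip.startswith("127.")]     # skip local re-delivery hops
        if ips:
            result = ips[-1]                     # IP recorded by our server
    return result

if __name__ == "__main__":
    ours = {"mx.example.net", "mailstore.example.net"}
    print("report abuse for:", handoff_ip(SAMPLE, ours))
```

The returned address is the one to look up in WHOIS for an abuse contact; it usually identifies a compromised machine or relay rather than the person behind the campaign.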
 
Pay and we will know its you.

If it is all anonymous then how would they know you are the one who paid? I don't do Bitcoin, so does it track by the number? Or unless they supposedly only target one person at a time?

Sorry you have to deal with this @frank-germany that would freak me out. If it were me, I would immediately contact my host and ask if there is anything they can do to take preventative measures against potential attack, and/or if they have heard of this before and they know it's a total scam.

Also see if you can report the spam to the registrar of the domain it is coming from if any of that is accurate.

Considering that only a fraction of people would pay, they can't write to one person at a time.

Hence they have no way of knowing who paid.
 
Considering that only a fraction of people would pay, they can't write to one person at a time.

Hence they have no way of knowing who paid.


That is a very valid point.
 
Tell them you have wired the money to buy BTC and have to wait for 3 days for the funds to clear. Then you can send the bitcoin.
 
Looks like it is probably empty and there are steps to take outlined in the second link of places you can report the spam to

https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

https://security.stackexchange.com/...os-me-if-i-dont-pay-a-ransom-what-should-i-do

Still really unsettling


Looks like they have a collection of those
upload_2017-6-22_23-0-40.png
 
It's obviously a bluff.
 
Bitcoin allows generating unique purse addresses for each single payment, so, theoretically speaking, including different bitcoin addresses in different emails sent here would not be an issue. What is an issue is targeting domainers: what do they expect, to receive 5BTC for each 100 domains owned by a single owner that are on the same IP? Even if said IP does not belong to a known parking company like Sedo. And if and where it is clearly of a parking company - more nonsense as the result.
 
Wordfence's Mark Maunder actively studies who these clowns are and they collect data on these sorts of scammers, you might install contact them too if you were to use WP with Wordfence on the domain and see if you can find them.
 
As plenty of people have already mentioned, it's almost certainly a scam and should be ignored.

It sounds like you're mostly interested in tracking down who sent the email. Chances are it was automatically sent by malware on some innocent person's computer. That's what happens when you get malware: your computer is used to attack other people. Typically, to find who's behind these things, more information is needed than what's present in a single email. And even if you do find them, they're often spread out over jurisdictions that don't care or are actively hostile. Taking down such spamming operations requires unprecedented coordination between international agencies. If they're big enough and loud enough, law enforcement around the world is probably already monitoring them and gathering evidence. Once they're ready, they'll pounce, but it could take a while.

The best thing you can do to help law enforcement is to contribute the email you have to databases used by researchers. This has the added benefit that whoever was hacked may be notified, assuming their ISP is responsible enough. You could also try to contact someone like Brian Krebs, but researchers like him receive a lot of these reports, so you might not get a response unless he's actively investigating something related to the email.
 
Wait to see your server logs for a huge traffic spike; if you get DDoS, change the site DNS (maybe use Verisign's) along with your login script if you have one.
That will separate them from kids with a bit of software or a real botnet that could potentially cause you major problems. Don't fear emails, just be careful not to open them, especially if you use bitcoin. That WannaCry was specifically targeting .onion (Tor networks) and .wallet (bitcoin). The media panic starters left that part out except for the ransom always being in bitcoin.
 
That WannaCry was specifically targeting .onion (Tor networks) and .wallet (bitcoin). The media panic starters left that part out except for the ransom always being in bitcoin.

That's not true. If anything, there wasn't enough panic; it was a very serious incident. You're confusing the C2 servers with the targets. The C2 servers (the .onion addresses in the payload) were only used to receive the AES keys. .wallet has nothing to do with WannaCry.

WannaCry scanned public IP addresses for vulnerable SMB and RDP targets. Up-to-date computers running Windows 10 weren't vulnerable, but Windows XP, Windows Server 2003, and out-of-date computers were (and continue to be). The only reason WannaCry died down was because it had poorly implemented analysis evasion that unintentionally acted as a killswitch.

There's now similar malware that lacks a killswitch. If you're running an EOL version of Windows or you don't run Windows Update regularly, you could be vulnerable--and the malware you receive could be sending the scam emails seen here.
 