warning DDoS Attack Blackmail Email

frank-germany

hello I received this email today

what can I do?



We are Anonymous hackers group.
Your site xxxxx.com will be DDoS-ed starting in 24 hours if you don't
pay only 0.05 Bitcoins @ xxxxxxxxx

Users will not be able to access sites host with you at all.


If you don't pay in next 24 hours, attack will start, your service going down permanently.
Price to stop will increase to 1 BTC and will go up 1 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name,
instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - over 1 Tbps per second.
No cheap protection will help.

Prevent it all with just 0.05 BTC @ xxxxxxxxxxxxxx

Do not reply, we will not read. Pay and we will know its you.

AND YOU WILL NEVER AGAIN HEAR FROM US!
Bitcoin is anonymous, nobody will ever know you cooperated.
 
Wow..... I would say it is some skanky spammer trying his luck.

They sure as hell are not affiliated to The Anonymous Hackers Group...they are Hacktivists and do not extort money from people...so these guys are probably bluffing. That's why they requested 0.05BTC....it's a small enough payment for someone to think.."why take the chance" might as well just pay them to be safe...

I think they're just trying their luck...

Just my 2 cents dude...I could be wrong of course.
 
I remember a dozen or so emails received a few years ago, exactly the same writing style. Not native English speakers, it seems. Forwarded emails to a parking company where the domains were parked, just in case... did not notice any downtime in 24 hours or later. It does not mean that DDoS cannot or will not happen today, as it is cheap to order it these days. In fact, targeting domainers with such emails makes little or no commercial sense even if they are ready to order DDoS attacks.
 
0.05? Give me a break. Call their bluff. I was previously a Director of an IT Security company for 8 years and never heard of any serious hackers going through so much trouble for that minuscule amount of soup. In any event, any domainer running a small to medium size website should really consider CloudFlare (not affiliated). In addition, hackers emailing? Even through multiple VPNs, email headers can easily expose location IP routes unless they use an anonymous email service or hack other accounts to email; usually demands are inserted in code. Sounds like someone trying it on.
 
Pay and we will know its you.

If it is all anonymous then how would they know you are the one who paid? I don't do Bitcoin so does it track by the number? Or unless they supposedly only target one person at a time?

Sorry you have to deal with this @frank-germany that would freak me out. If it were me, I would immediately contact my host and ask if there is anything they can do to take preventative measures against potential attack, and/or if they have heard of this before and they know it's a total scam.

Also see if you can report the spam to the registrar of the domain it is coming from if any of that is accurate.
 
Considering that only a fraction of people would pay, they can't write to one person at a time.

Hence they have no way of knowing who paid.
 
that is a very valid point
 
Tell them you have wired the money to buy BTC and have to wait for 3 days for the funds to clear. Then you can send the bitcoin.
 
Looks like it is probably empty and there are steps to take outlined in the second link of places you can report the spam to

https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

https://security.stackexchange.com/...os-me-if-i-dont-pay-a-ransom-what-should-i-do

Still really unsettling


looks like they have a collection of those
 
Bitcoin allows generating unique purse addresses for each single payment, so, theoretically speaking, including different bitcoin addresses into different emails sent here would not be an issue. What is an issue is targeting domainers, what do they expect, receive 5BTC for each 100 domains owned by single owner, that are on the same IP? Even if said IP does not belong to a known parking company like Sedo. And if and where it is clearly of a parking company - more nonsense as the result.
 
Wordfence's Mark Maurauder actively studies who these clowns are and they collect data on these sorts of scammers, you might install contact them too if you were to use Wp with wordfence on the domain and see if you can find them.
 
As plenty of people have already mentioned, it's almost certainly a scam and should be ignored.

It sounds like you're mostly interested in tracking down who sent the email. Chances are it was automatically sent by malware on some innocent person's computer. That's what happens when you get malware: your computer is used to attack other people. Typically, to find who's behind these things, more information is needed than what's present in a single email. And even if you do find them, they're often spread out over jurisdictions that don't care or are actively hostile. Taking down such spamming operations requires unprecedented coordination between international agencies. If they're big enough and loud enough, law enforcement around the world is probably already monitoring them and gathering evidence. Once they're ready, they'll pounce, but it could take a while.

The best thing you can do to help law enforcement is to contribute the email you have to databases used by researchers. This has the added benefit that whoever was hacked may be notified, assuming their ISP is responsible enough. You could also try to contact someone like Brian Krebs, but researchers like him receive a lot of these reports, so you might not get a response unless he's actively investigating something related to the email.
 
Wait to see your server logs for a huge traffic spike. If you get DDoS, change the site DNS (maybe use Verisign's) along with your login script if you have one.
That will separate them from kids with a bit of software or a real botnet that could potentially cause you major problems. Don't fear emails, just be careful not to open them, especially if you use bitcoin. That WannaCry was specifically targeting .onion (Tor networks) and .wallet (bitcoin). The media panic starters left that part out except for the ransom always being in bitcoin.
 
That WannaCry was specifically targeting .onion (Tor networks) and .wallet (bitcoin). The media panic starters left that part out except for the ransom always being in bitcoin.

That's not true. If anything, there wasn't enough panic; it was a very serious incident. You're confusing the C2 servers with the targets. The C2 servers (the .onion addresses in the payload) were only used to receive the AES keys. .wallet has nothing to do with WannaCry.

WannaCry scanned public IP addresses for vulnerable SMB and RDP targets. Up-to-date computers running Windows 10 weren't vulnerable, but Windows XP, Windows Server 2003, and out-of-date computers were (and continue to be). The only reason WannaCry died down was because it had poorly implemented analysis evasion that unintentionally acted as a killswitch.

There's now similar malware that lacks a killswitch. If you're running an EOL version of Windows or you don't run Windows Update regularly, you could be vulnerable--and the malware you receive could be sending the scam emails seen here.
 
WannaCry is a modified version of the NSA's Eternal Blue crypto exploit. Remember NSA hates Tor (network and browsers). It (Eternal Blue) was changed, and since the code was leaked (2016) there will be lots more modifications done to the code. Therefore a lot more ransomware like WannaCry.
You noticed bitcoin went up, right....
Why use bitcoin for anonymity when you have no privacy lol. It was an NSA tool (Eternal Blue) developed to not just track Tor networks, it was also there to get through encrypted hard drives and all computers on the networks of those encrypted hard drives, including VPNs.
 
Anyway back on topic those emails and phone calls are common around tax rebate time. I have had multiple phone calls telling me that I'm going to jail unless I wire money.
 
@NameZest You're making a lot of assumptions based on very limited information. Please be careful what information you spread; hacking is all about information, and misinformation can be dangerous. When these incidents occur, people can die.

It's worth noting that these attacks are carried out by criminals. Yes, sometimes big attacks are carried out by people who don't seem scary, but many of these groups have ties to other kinds of crime. They're often just as fortified and defensive in real life as they are online. These are not people you want to mess with unless you're a trained professional--and even then, it's a risky endeavor.

If you're going to go after the people sending these emails, play it safe: team up with a qualified organization capable of handling the situation properly.
 
Did the header info offer anything interesting ?
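
Added example, not part of the original thread: a triage of the headers of a message like the one discussed above, following the point raised earlier in the thread that email headers can expose the route a message took. The sample message, every hostname and IP in it, and the `trusted_suffix` parameter are constructed assumptions; only `Received` lines stamped by your own mail servers, contiguous from the top, are treated as reliable.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample; hosts and IPs are documentation placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
\tby mailstore.recipient.example with ESMTP id A1; Thu, 22 Jun 2017 21:00:05 +0000
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.recipient.example with ESMTP id B2; Thu, 22 Jun 2017 21:00:03 +0000
Received: from [192.168.1.44] (unknown [203.0.113.77])
\tby relay.isp.example with ESMTPA id C3; Thu, 22 Jun 2017 21:00:01 +0000
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=other.example
Return-Path: <bounce@other.example>
From: "Anonymous" <noreply@sender.example>
Subject: DDoS warning

(body omitted)
"""

BY_RE = re.compile(r"\bby\s+(\S+)")
# IP recorded by the receiving server, e.g. "(unknown [203.0.113.77])"
OBSERVED_IP_RE = re.compile(r"\([^()]*\[(\d{1,3}(?:\.\d{1,3}){3})\][^()]*\)")
SPF_RE = re.compile(r"\bspf=(\w+)")


def triage(raw, trusted_suffix):
    """Split the Received chain into hops stamped by our own servers and the rest."""
    msg = email.message_from_string(raw)
    verified, unverified = [], []
    trusted = True
    for value in msg.get_all("Received", []):  # newest header first
        text = " ".join(value.split())
        by = BY_RE.search(text)
        ip = OBSERVED_IP_RE.search(text)
        hop = {"by": by.group(1) if by else None, "ip": ip.group(1) if ip else None}
        # Trust ends at the first header not written by our own infrastructure.
        trusted = trusted and bool(hop["by"]) and hop["by"].endswith(trusted_suffix)
        (verified if trusted else unverified).append(hop)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    spf = SPF_RE.search(msg.get("Authentication-Results", ""))
    return {
        "handoff_ip": verified[-1]["ip"] if verified else None,  # report this one
        "unverified_ips": [h["ip"] for h in unverified],  # sender-supplied claims
        "from_matches_return_path": from_dom == rp_dom,
        "spf": spf.group(1) if spf else None,
    }
```

The handoff IP is the address that delivered the message to your own mail server and is the one to include in an abuse report; hops below it are whatever the sending side chose to write.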
 