Security Alert: Recent DDOS Extortion Threats

May 9th, 2016

From The U.S. Computer Emergency Readiness Team (US-CERT) - more published security recommendations regarding Denial-of-Service Attacks available here.


Numerous businesses throughout the United States have recently received emails threatening Distributed Denial of Service (DDOS) attacks. A DDOS attack prevents legitimate users from accessing a company’s website by flooding it with huge amounts of data from multiple computers distributed across the internet.

In one such ongoing campaign, the group threatens the victim with a DDOS attack that will commence on Tuesday, May 3, 2016, unless a five Bitcoin ransom is paid ($2,000 at current Bitcoin market rates), with the ransom demand threatened to escalate during the duration of this campaign. It is likely this group and others are inspired by recent news reports that a group called Armada Collective raised $100,000 based on email threats alone, while not performing a single DDOS.

Organizations are discouraged from paying extortion demands. Paying ransoms:

  1. Does not guarantee an organization will not be targeted;
  2. Emboldens the adversary to target other organizations, or retarget the same organization, with additional extortion demands; and,
  3. Creates a lucrative environment for other criminals to engage in similar activity.

In all cases of extortion, to include DDOS extortion threats, organizations should immediately contact the local office of an appropriate law enforcement organization.


Example of recent DDOS Extortion Threat:



We have chosen your website/network as target for our next DDoS attack.

All of your servers will be subject to a DDoS attack starting at Tuesday the 3rd of May.

What does this mean?

This means that your website and other connected services will be unavailable for everyone, during the downtime you will not be able to generate any sales. Please also note that this will severely damage your reputation amongst your users / customers as well as strongly hurt your google rankings (worst case = your website will get de-indexed).

How do I stop this?

We are willing to refrain from attacking your servers for a small fee. The current fee is 5 Bitcoins (BTC). The fee will increase by 5 Bitcoins for each day that has passed without payment.

Please send the bitcoin to the following Bitcoin address: <address>

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment before Tuesday the 3rd of May or the attack WILL start!

What if I don't pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there's no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers and make sure your website will remain offline until you pay.

This is not a hoax, do not reply to this email, don't try to reason or negotiate, we will not read any replies. Once you have paid we won't start the attack and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.


The U.S. Computer Emergency Readiness Team (US-CERT) has published security recommendations regarding Denial-of-Service Attacks available at:
Additionally, it is recommended for organizations to work with computer systems providers, Internet Services Providers and other vendors to ensure appropriate mitigation measures are in place.