DDoS attack threat - scam

phb · 27 October 2020 05:40

We received the following email today and it is quite threatening and concerning to the uninitiated…

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

==========================================

We are the Voodoo Bear and we have chosen [redacted] as target for our next DDoS attack.
Please perform a google search for “Voodoo Bear” to have a look at some of our previous work.

Your network will be subject to a DDoS attack starting at 2020 November 2nd (Monday).

THIS IS NOT A HOAX, and to prove it right now we will start a small attack on [redacted] that will last for 30 minutes.
It will not be heavy attack, and will not cause you any damage so don’t worry, at this moment.

This means that your website, e-mail and other connected services will be unavailable for everyone.

We will refrain from attacking your servers for a small fee.
The current fee is $1050(USD) in bitcoins (BTC). The fee will increase by 1000 USD for each day after deadline that passed without payment.

Please send Bitcoin to the following Bitcoin address (cAsE-SeNsitIve):

1K99ZNYnPwsvkqnw8BhwJmf6EgFiM3iGop

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you coinmama.com or https://buy.coingate.com/ for buying bitcoins.

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment before the deadline or the attack WILL start!

If you decide not to pay, we will start the attack on the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution (Cloudflare, Sucuri, Imperva and similar services are useless, because we will hit your network directly).

We will completely destroy your reputation and make sure your services will remain offline until you pay.
We will also download your database and do as much damage as possible.

Do not reply to this email, don’t try to reason or negotiate, we will not read any replies.

Once you have paid we won’t start the attack and you will never hear from us again.

Please note that Bitcoin is anonymous and no one will find out that you have complied.

– Voodoo Bear team

The email is that which has been proven as a fake Cozy Bear scam.

meltam · 27 October 2020 08:33

Thanks for the warning, and link to Akami showing it is a fake copycat.

dawnchaser · 27 October 2020 14:03

received similar message about a DDoS attack treat on our project. Didn’t paid. didn’t happened anything. this is some sort of scam simply to send your money. assuming they send such messages to thousands of project, at least 1-2 pays and they are good enough…
scammers…

Fred123 · 27 October 2020 21:14

Did you send a “suitability worded” reply just in case there is actually a reply function?

Please feel free to ask for suggestions for a reply.

dawnchaser · 28 October 2020 14:05

thanks a lot, will do

phb · 28 October 2020 21:06

Replying unfortunately will only generate more similar emails as they (assuming it isn’t a hacked email account) see a reply as they will know the receipt email address is active.

Fred123 · 28 October 2020 21:11

They should know that already if the email didn’t bounce.

phb · 28 October 2020 21:19

Many business email addresses may exist but not be active, as well as the business ceasing but domains/hosting servers still in place.

The email it came from looked like a hacked account, possibly won through phishing. It is likely the hacked email account user will be inundated with emails of various sorts. The hacked email would be used for a short period before they move onto the next…as the user is likely to re-secure their email account/server to lock out the unauthorised access.

dawnchaser · 29 October 2020 15:40

isn’t it limited the emails you can get?

phb · 29 October 2020 20:20

Do you meal free email?

Most free emails have receipt number limitations and look for suspicious behavior like huge number of sent emails indicating spam. Software shuts down the email account as soon as suspicious activity is identified… which might be after a small number were sent.

This is why hacked emails are used as often there are no such limitations and it is usually identified only after the event.

grahroll · 30 October 2020 02:54

Not necessarily bounced if the Mail server just discards errant emails, mine does as do many others.

cmrs · 1 November 2020 01:04

It is a pity when they waste their time trying to scam a troglodyte like me, who owns one PC almost as old and infirm as I, has not network, does not know or trust bitcoin and can’t careless about threats like that.
Incidentally, my gmail correctly classed and filed a similar threat as spam.

PhilT · 1 November 2020 04:30

My agency had an ironport in front of our email systems. It discarded upwards of 10,000 emails even on the quietest of days.

bobw · 2 November 2020 03:09

Never respond, just ignore. Responding just confirms your email address is valid and you’l get more spam.

phb · 5 November 2020 07:03

No surprises, there was not DDoS attack on our domain on the 2 November 2020.

Join the conversation

Ask a question. Share tips. Help others.

Make yourself heard

Join our forum and be part of Australia’s biggest consumer movement.

DDoS attack threat - scam