DDoS attack threat - scam

We received the following email today and it is quite threatening and concerning to the uninitiated…



We are the Voodoo Bear and we have chosen [redacted] as target for our next DDoS attack.
Please perform a google search for “Voodoo Bear” to have a look at some of our previous work.

Your network will be subject to a DDoS attack starting at 2020 November 2nd (Monday).

THIS IS NOT A HOAX, and to prove it right now we will start a small attack on [redacted] that will last for 30 minutes.
It will not be heavy attack, and will not cause you any damage so don’t worry, at this moment.

This means that your website, e-mail and other connected services will be unavailable for everyone.

We will refrain from attacking your servers for a small fee.
The current fee is $1050(USD) in bitcoins (BTC). The fee will increase by 1000 USD for each day after deadline that passed without payment.

Please send Bitcoin to the following Bitcoin address (cAsE-SeNsitIve):


You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you coinmama.com or https://buy.coingate.com/ for buying bitcoins.

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment before the deadline or the attack WILL start!

If you decide not to pay, we will start the attack on the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution (Cloudflare, Sucuri, Imperva and similar services are useless, because we will hit your network directly).

We will completely destroy your reputation and make sure your services will remain offline until you pay.
We will also download your database and do as much damage as possible.

Do not reply to this email, don’t try to reason or negotiate, we will not read any replies.

Once you have paid we won’t start the attack and you will never hear from us again.

Please note that Bitcoin is anonymous and no one will find out that you have complied.

– Voodoo Bear team

The email is that which has been proven as a fake Cozy Bear scam.


Thanks for the warning, and link to Akami showing it is a fake copycat.


received similar message about a DDoS attack treat on our project. Didn’t paid. didn’t happened anything. this is some sort of scam simply to send your money. assuming they send such messages to thousands of project, at least 1-2 pays and they are good enough…


Did you send a “suitability worded” reply just in case there is actually a reply function?

Please feel free to ask for suggestions for a reply.


thanks a lot, will do

Replying unfortunately will only generate more similar emails as they (assuming it isn’t a hacked email account) see a reply as they will know the receipt email address is active.


They should know that already if the email didn’t bounce.

Many business email addresses may exist but not be active, as well as the business ceasing but domains/hosting servers still in place.

The email it came from looked like a hacked account, possibly won through phishing. It is likely the hacked email account user will be inundated with emails of various sorts. The hacked email would be used for a short period before they move onto the next…as the user is likely to re-secure their email account/server to lock out the unauthorised access.

isn’t it limited the emails you can get?

Do you meal free email?

Most free emails have receipt number limitations and look for suspicious behavior like huge number of sent emails indicating spam. Software shuts down the email account as soon as suspicious activity is identified… which might be after a small number were sent.

This is why hacked emails are used as often there are no such limitations and it is usually identified only after the event.

Not necessarily bounced if the Mail server just discards errant emails, mine does as do many others.


It is a pity when they waste their time trying to scam a troglodyte like me, who owns one PC almost as old and infirm as I, has not network, does not know or trust bitcoin and can’t careless about threats like that.
Incidentally, my gmail correctly classed and filed a similar threat as spam.


My agency had an ironport in front of our email systems. It discarded upwards of 10,000 emails even on the quietest of days.


Never respond, just ignore. Responding just confirms your email address is valid and you’l get more spam.


No surprises, there was not DDoS attack on our domain on the 2 November 2020.

1 Like