We just got an email from Armada Collective or someone who is pretending to be Armada Collective hackers group. They threaten us with DDoS and ask for money.
The DDoS (Distributed Denial of Service) attack is a hackers activity to make an online service unreachable, regularly this done by crushing a victim’s server or network with overwhelming requests from tons of previously infected PCs and mobile devices.
If you get a SPAM from Armada Collective, you will need to follow these steps to prevent your system down.
Step 1. DO NOT OPEN any links – Remember that links in such e-mails could be infected or tracked
Step 2. Do not support cyber terrorists, you won’t get away from them and they will continue cheating and threatening you
Step 3. Forward such letters to your hosting provider to take further actions and prepare to a potential danger
Example of a real letter with the threat:
Armada Collective email@example.com Date: 2016-04-19 02:06:03 Message: FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION! We are Armada Collective. Most importantly, we have launched largest DDoS in Swiss history and one of the largest DDoS attacks ever. Search for "ProtonMail DDoS" All your servers will be DDoS-ed starting Monday (April 25) if you don't pay protection fee - exactly 10.23 Bitcoins @ [bitcoin wallet number was here] If you don't pay by Monday, attack will start, yours service going down permanently price to stop will increase to 20 BTC and will go up 10 BTC for every day of attack. This is not a joke. Our attacks are extremely powerful - peak over 1 Tbps. Do not reply, we will not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US! Bitcoin is anonymous, nobody will ever know you cooperated.
Here is one more opinion from hosting & security expert regarding the “DDoS threat” emails:
I would recommend you do not respond to this message and don’t give in to their demands. It might be an empty threat and even if it is not you risk being attacked anyway unless you pay them even more bitcoins.
You should forward this email to the abuse department of the hosting provider where the email came from, including headers, so they can shut down this email account or the server it’s being hosted on. The mailserver for this domain is hosted by hostway, but without seeing all mail servers I can’t be sure this is where the email originated from.
I would also recommend you move your website elsewhere and put it behind a DDoS protection service such as CloudFlare.
You might also consider reporting this to the police. Even if it will not help to find the criminals behind this threat it will at least be reported to make the authorities aware about them.
Protect yourself and don’t get scammed! If you need tool to protect yourself from hackers on open Wi-Fi’s – get on board with our VPN.
Meanwhile after publishing this post. One more email from Armada Collective:
Armada Collective firstname.lastname@example.org Date: 2016-04-19 14:57:02 Message: Since we don't need this kind of publicity right now, delete that post from your blog and you are free. If not, attack will start on your site and price to stop will go to 20 BTC instantly. You have 2 hours.
Remember, do not reply to such emails. Forward them to email@example.com (abuse department of Tutanota email provider) with minor comments.
As soon as most email provides don’t support terrorists or blackmailers, scammer’s email accounts will be banned.
P.S. Who would ask to delete the blog post if he could DDoS the blog itself and make it unavailable?