The Phantom Squad and the latest epidemic of DDoS ransom demands


With the way DDoS attacks have ravaged the internet, particularly in the last few years, there is an untold number of businesses and websites that are haunted by the devastation these cyberassaults have caused. How fitting then that a new wave of DDoS ransom demands targeting thousands of organizations all over the globe is allegedly coming from the Phantom Squad. Isn’t it wonderful when criminals put a little extra effort into their misdeeds? Here’s everything you need to know about DDoS, ransom demands, and getting into a position where you can stop worrying about all of the above.

DDoS details

DDoS stands for distributed denial of service. At its most basic, a DDoS is a cyberattack that takes target websites offline by overwhelming the victim server with requests or by saturating the victim network’s bandwidth. This is accomplished with the collective computing resources of a network of hijacked computers and devices called a botnet.

DDoS attacks have been a problem facing websites, businesses, governments and other organizations for over 15 years, but it’s over the last few years that these attacks have truly risen to prominence. This is for a few different reasons, including the increased skill and creativity of attackers, the growth of the Internet of Things and the billions of unsecured devices available to help build some of the biggest botnets ever seen, the creation of DDoS-for-hire services, and the influx of DDoS ransom notes.

Driven by fear

For bigger companies and enterprises, just one hour of a successful distributed denial of service attack can cost between $20,000 and $100,000. While many businesses and websites would not suffer immediate monetary damages anywhere near that amount, the other effects of a DDoS attack can be atrocious for any victim.

DDoS attacks are capable of causing software as well as hardware damage, and can be used as a distraction for hackings and intrusions that can result in data theft – a death knell for many organizations in the courtroom and the court of public opinion. Perhaps the costliest distributed denial of service attack consequence for websites and businesses of all sizes is the frustration and distrust that can be instilled in users when the sites and services they want to use are unavailable due to a type of cyberattack that has inspired warning after warning, and the long-term loss of loyalty that frustration and distrust can breed.

It’s because of all the havoc these attacks so easily wreak that the DDoS ransom business has become a cottage industry.

Extortion opportunities

DDoS ransom notes are emailed threats that demand payment in exchange for a distributed denial of service attack not being launched. Some DDoS ransom notes are accompanied by a small attack, one that serves to prove DDoS capabilities are at the fingertips of the note-senders.

DDoS ransom notes have been somewhat regarded as a pastime of script kiddies or people using DDoS-for-hire services to try to make a quick buck, but a September blast of DDoS ransom notes that went out to thousands of organizations was purportedly from the Phantom Squad, a known hacker group. While the average DDoS ransom note may be easy to ignore, one that comes from a group with a proven history of taking down online gaming servers may give website and business owners pause – and prompt the requested payment of 0.2 Bitcoin, around $750 USD.

The problem with payment

Giving in to a DDoS ransom note immediately marks the payer as an easy target, one that obviously lacks DDoS protection. A DDoS ransom note, even one alleged to be from a known hacker group, is much easier to ignore when professional mitigation is in place. Cloud-based DDoS protection with granular traffic inspection provides the scalability necessary for attacks that target the network and the sophistication needed to deal with attacks on the server. Investing in reliable protection from DDoS attacks coming from ransom note senders, professional attackers, competitors, disgruntled customers, and people just being jerks on the internet is a decision that will haunt no one.