For the past week, a group of criminals has been launching DDoS attacks against companies in the financial sector and
demanding ransom payments while posing as "Fancy Bear,"
the infamous hacking group associated with the Russian government, known for hacking the White House in 2014 and the DNC in 2016. From a report:
The attacks, brought to ZDNet's attention by one of our readers, were confirmed today by Link11 and Radware, two companies that provide DDoS mitigation services and have documented similar "ransom denial-of-service" (RDOS) attacks in the past years. In an interview with ZDNet, Daniel Smith, Radware ERT researcher, said the attacks started last week and targeted the financial vertical. Smith said "the group is launching large scale, multi-vector demo DDoS attacks when sending victims the ransom letter."
A Link11 spokesperson said the same thing, adding that the purpose of these demo attacks is to serve as an initial warning and intimidation factor, to convince victims into paying the ransom demand. According to a copy of the ransom letter, the group is sending victims, the fake Fancy Bear group is asking for payments of 2 bitcoin, which is about $15,000 at today's exchange rate.