Armada Collective launches DDoS attacks against Greek banks

Three Greek banks have been targeted with distributed denial of service (DDoS) attacks, with cybercriminals demanding they pay a ransom in bitcoins.

The group claiming responsibility for the attacks, the so-called Armada Collective, said that they will continue their onslaught if they do not receive payment.

While they have managed to temporarily disrupt online banking capabilities for a short period of time, they have not breached security defences – sensitive information remains secure at all three institutions.

Greek’s central bank and the security forces were immediately informed of the cyberattacks and an investigation was launched. No ransom has been paid.

“It’s an easy to handle situation. There is no need for bank clients to worry.”

One anonymous banker told Reuters: “It’s an easy to handle situation. There is no need for bank clients to worry.”

Paul Vlissidis, director of domain services and technical director at the NCC Group, said that the Armada Collective has been noticeably active in recent months.

The focus of their cyberattacks have largely been businesses with websites that are easy to take offline, he explained.

“In effect, they say: ‘Give us bitcoin[s] or we will take you off the internet’,” he was quoted by the Financial Times as saying. “They claim to be able to do significant amounts of damage.”

Mr. Vlissidis added that the relatively low ransom demand – the pattern so far suggests ‘just’ a few thousand pounds are stipulated by the gang – is strategic: they hope to persuade enterprises to “just pay it and make it go away”.

Last month, the Armada Collective claimed responsibility for one of the DDoS attacks on ProtonMail, which resulted in the organization agreeing to pay the ransom that was demanded.

However, even after the bitcoins were delivered to the cybercriminals, the Switzerland-based encrypted email provider was still hit with further attacks.

Other enterprises that have been targeted by the group include Runbox and Hushmail. Forbes observed that the bitcoin addresses provided by the Armada Collective  – where the cryptocurrency is deposited – are “indeed linked”.

However, others have questioned whether this is the work of one gang, as copycats could simply be piggybacking on the name for leverage.

Author , We Live Security

Follow us

Copyright © 2016 ESET, All Rights Reserved.