An unknown group of criminals have been successful in extorting Cloudflare customers out of hundreds of thousands of dollars simply by threatening denial of service attacks, but never actually executing one.
Cloudflare's founder and chief executive Matthew Prince revealed that over a hundred Cloudflare customers had received emails from the "Armada Collective" demanding "protection fees" of 10 to 50 Bitcoin (A$6000 - A$30,000) over the past two months.
However, Cloudflare has been unable to find any trace of denial of service attacks carried out by the Armada Collective. Prince noted that the threat emails use the same Bitcoin address for payments, meaning it wouldn't be possible for the extortionists to tell who had paid the ransom.
The threat of service interruption has been enough to scare Cloudflare customers into paying over US$100,000 to the extortionists, Prince said.
Cloudflare competitor and content delivery specialist Akamai last November said it had analysed a spate of denial of service attacks against its customers, allegedly conducted by the Armada Collective.
Although the blackmailers claimed to be able to launch attacks of up to one terabit per second, the largest traffic flood attributable to Armada Collective, according to Akamai, measured only 772 megabits per second.
Akamai speculated at the time that the Armada Collective was another name for the DD4BC gang, whose alleged leader was arrested by Europol in January this year.
Prince agreed the Armada Collective and DD4BC were likely one and the same. The present threats appear to be sent out by copycats leveraging the reputation of the original denial of service blackmailers and scaring users into paying the money.
Last year, the extortionists successfully blackmailed Swiss email provider Protonmail, which paid the ransom, only to be attacked later on.
Switzerland's computer emergency response team warned late last year that the Armada Team was targeting high-profile hosting providers in the country.
The Swiss govCERT advised victims not to pay the blackmailers but instead to apply mitigation techniques against denial of service attacks with the help of their internet service providers, and to contact the police.