A barrage of ransomware notes is distributed to target companies

March 17, 2022

Threat actors have been sending their targets a barrage of ransomware notes to extort them and to manipulate the stock prices of several companies. These ransomware notes were distributed through a chain of text messages sent to the superiors of every targeted firm and organisation.

A distributed denial-of-service (DDoS) ransomware threat actor targeted a client of the cybersecurity firm Imperva, hitting a website with approximately two and a half million requests per second. Researchers have also observed many ransomware notes within the earlier requests, and these notes kept being updated over time.

Based on the reports, the threat actors first send a note before launching a DDoS attack. Once the target receives the malicious message, the attack is launched against the targeted network. The hackers do this deliberately to create panic and to pressure victims into paying the ransom immediately.

The hackers distribute the malicious messages to the targeted company’s CEOs, stating that they should provide one bitcoin a day if they want the ransomware actors to stop the DDoS attacks.

 

Furthermore, several embedded ransomware notes are signed with “REvil this is our dominion,” implying that the DDoS campaign may be affiliated with the REvil group.

 

However, some experts believe that the unidentified threat actors used the name REvil as a decoy to hide their identity.

Another threatening detail of this campaign is that the threat actors sent about 15 million requests to a single site with a new message advising the CEO that the attackers would tank the company's stock price by millions in market cap.

Based on the evidence provided by researchers, the DDoS campaign originated from the Meris botnet, which uses thousands of IoT devices that were compromised through CVE-2018-14847, a long-standing flaw in MikroTik routers.

Threat actors worldwide have become innovative with tactics, techniques, and procedures to target high-end businesses and organisations. Experts suggest that organisations should invest in their network security systems to mitigate the chances of getting hit by such attacks.
