DDoS Extortion Campaign Targeting Various Organizations

The NJCCIC is aware of several reports involving a Distributed Denial-of-Service (DDoS) extortion campaign that has been threatening various organizations both within New Jersey and across the US. These organizations have reportedly received emails from a person or group identifying themselves as Phantom Squad that include a threat of a DDoS attack against their networks if a ransom amount, or “protection fee,” is not paid to Phantom Squad by September 30, 2017. According to an article by Bleeping Computer, security experts do not believe this threat will materialize as the actor or actors behind the campaign likely do not have the resources required to conduct effective attacks. The NJCCIC is unaware of any successful attacks stemming from this latest campaign and assesses with moderate confidence that the risk of this extortion campaign resulting in an actual DDoS attack is low. However, we do recommend impacted organizations review the alert posted on the ISC SANS forum, report the extortion attempt to their local PD and the NJCCIC, develop an incident response plan, and implement DDoS mitigation controls by engaging with your ISP or a third-party provider.