Just to be clear though, this helps you not contribute to the problem, it doesn’t protect you from attacks. It’s more of a good citizen thing.
From: Mike Hammett Sent: Saturday, July 30, 2016 7:48 AM To: [email protected] Subject: [SPAM] Re: [AFMUG] FWD: ATTENTION: Ransom request!!! https://www.shadowserver.org/wiki/ Seriously, if you're not doing BCP38, you should go out back and whip yourself with a wet rope. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP -------------------------------------------------------------------------------- From: "Jon Auer" <[email protected]> To: "Animal Farm" <[email protected]> Sent: Friday, July 29, 2016 10:41:59 PM Subject: Re: [AFMUG] FWD: ATTENTION: Ransom request!!! There have been a couple flavors of this. One uses a common bitcoin address and is a scam of the scam, the other uses unique wallet addresses per target so they can tell which target pays up. Since the wallet address doesn't show up in search results I'd assume this is the latter... FWIW I've seen their stunts max out Cogent's pipes feeding a metro POP (not a lit building in a metro, the main POP for a metro). So, everyone is doing BCP38 filtering on their networks, right? Maybe also using a service like Qrator Radar to monitor your netblocks for abusable services? This is one of those things where everyone that isn't part of the solution is part of the problem :) On Fri, Jul 29, 2016 at 9:20 PM, Eric Kuhnke <[email protected]> wrote: Pay and we'll know it's you, don't reply we won't read... Well if you are a sucker and make a new btc wallet, and pay, how do they know what website or set of IPs is associated with which payment if they don't take incoming communications? It's a scam. On Jul 29, 2016 6:46 PM, "Roland Houin" <[email protected]> wrote: anyone else get this? roland ---------- Forwarded Message ---------- FROM: Armada Collective <[email protected]> TO: [email protected] CC: DATE: 29 Jul 2016 23:21:10 -0000 RE: ATTENTION: Ransom request!!! FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION! We are Anonymous. All your servers will be DDoS-ed starting Sunday (Jul 31 2016) if you don't pay 5 Bitcoins @ 1PR8naoESWCbNzeTYK8TbL87CnBgchZexf When we say all, we mean all - users will not be able to access sites host with you at all. Right now we will start 15 minutes attack on your site's IP 208.95.136.26. It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs! If you don't pay by Sunday, attack will start, price to stop will increase by 1 BTC for every day of attack. If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time. This is not a joke. Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help. Prevent it all with just 5 BTC @ 1PR8naoESWCbNzeTYK8TbL87CnBgchZexf Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US! Bitcoin is anonymous, nobody will ever know you cooperated.
