Aled, You might want to dig a bit into extortion: https://blogs.akamai.com/sitr/2019/11/fake-cozy-bear-group-making-ddos-extortion-demands.html https://www.cert.govt.nz/it-specialists/advisories/ddos-extortion-campaign-targeting-financial-sector/
The sources might not be the most recent ones, but the principle stays the same: extortion letter from a random group, ransom to be paid in bitcoins, and after you paid you might not be attacked. For Protonmail it did not work: https://www.bleepingcomputer.com/news/security/protonmail-ddos-attacks-are-a-case-study-of-what-happens-when-you-mock-attackers/ Consider there might be a list of companies willing to pay a ransom in the dark web, attracting more attackers. Short term: prepare for the worst (consider DDoS Mitigation), hope for the best and don't pay the ransom. >From my experience, working with law enforcement only works in the very >long-term and does not change your actual situation. @group, please correct me where I'm wrong. Best regards, Stefan -- Send by my smartphone. Please excuse typos, sometimes it's not that smart. -------- Ursprüngliche Nachricht -------- Von: Aled Morris <[email protected]> Datum: 04.02.20 09:00 (GMT-10:00) An: [email protected] Betreff: [uknof] Extortion? Has anyone else had this recently? accompanied with a massive and sustained DDoS? and can you recommend a law enforcement agency who will take it seriously? (unlike local plod) Aled From: Shinbolx <[email protected]<mailto:[email protected]>> Sent: 04 February 2020 14:58 To: xxx Subject: Dear Business Owner Dear Business Owner, We are Shinbilx, an cyber-organization that find bugs and other vulnerabilities. Your business is vulnerable to get exploited with multiple attacks. We will continue to exploiting your business with attacks until you pay a little fee of 3500 GBP. After payment, we will have no reason to continue, and we will stop and never will do that again. We accept bitcoin payment. You can buy bitcoins here: https://buy.changelly.com/<https://urldefense.proofpoint.com/v2/url?u=https-3A__buy.changelly.com_&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=2IeH-82zTEPIcRFSqW3O1l-YZfl37SAvpnMOxK_8CYA&m=Dh8BxVPkHae5QjKEl6quTrXGVsAh87DcLZkPuhdgkn4&s=SD-TVVq_vcp6tNgezZkxDWrbLSDKS3BJDZU0FO279hI&e=> or https://coinbase.com<https://urldefense.proofpoint.com/v2/url?u=https-3A__coinbase.com&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=2IeH-82zTEPIcRFSqW3O1l-YZfl37SAvpnMOxK_8CYA&m=Dh8BxVPkHae5QjKEl6quTrXGVsAh87DcLZkPuhdgkn4&s=N5hBpzKlnwrxs0qXUDscsL9V5-5b5WbGgtAQ5lqCWOc&e=> Address 14XUpNzEPYWVhsXmG3A15wC5Ffirxuk7dB You can split the payment into two parts. Have a great day, Shinbilx
