Warning about the DDoS Extorters RedDoor in Germany, Austria and Switzerland

  • Katrin Graewe
  • March 24, 2016


Current events have led the DDoS protection specialist Link11 to warn about DDoS extortion by the group “RedDoor”. Since the beginning of the week, the extorters have been pressuring the e-commerce industry. In addition, Link11 has initial indications of new activity from Armada Collective in Germany.

Frankfurt, March 24th 2016 – A new wave of DDoS extortion is threatening online vendors in Germany. This time, cybercriminals using the alias “RedDoor” are demanding a ransom of 3 Bitcoins from all shops they contact. Link11 protects various businesses and projects that have become victims of the extortion mailing. Since March 23rd, the Link11 Security Operation Center (LSOC) has been cooperating with affected e-commerce providers and the authorities to support the investigations.

RedDoor is operating with already known patterns of DDoS extortion: the criminals send emails through an anonymous email service in which they demand a ransom of 3 Bitcoins. The affected businesses have only 24 hours to transfer the payment to an individual Bitcoin account.

RedDoor threatens a large-volume DDoS attack if the blackmailed company decides not to pay. The extorters threaten to use UDP floods with a bandwidth of 400 to 500 Gbps. Additionally, the ransom jumps to 10 Bitcoins and will rise by the hour.

The extortion mails are similar to those of known extortions by DD4BC, but the style of operation resembles the work of Armada Collective. It can therefore be assumed that RedDoor is a copycat of these internationally active extortion groups.

The internationally operating DDoS extorters Armada Collective re-emerged in Switzerland on March 9th. This time they are focusing on financial businesses and online shops. According to initial information received by the LSOC, Armada Collective expanded its activities to Germany on March 24th as well.

RedDoor is currently focusing primarily on German e-commerce businesses. The Link11 Security Operation Center (LSOC) expects these extortions to spread to other industries as well.

If the attackers launch their volume attacks, Link11 will immediately defend against them and protect the attacked businesses. The LSOC will additionally focus on analyzing the attack data.

Frequent updates on the state of DDoS security from Link11

DDoS extorters are striking more frequently. Businesses should always keep up to date on the DDoS threat level for their industry. Currently the website www.ddos-info.de offers information on attacks and extortion activities in German-speaking countries such as Germany, Austria and Switzerland. Additionally, the website offers a free warning service on extortion waves as well as impending attacks.