Various website and cybersecurity administrators received emails over the past few days demanding that they pay one-fifth of a Bitcoin (currently about $780) in exchange for not facing a Distributed Denial of Service attack that would make their sites inaccessible to the public.
The emails - sent by a party calling itself "Phantom Squad" - appears to have been sent to hundreds, if not thousands, of companies worldwide. The email demands that the recipient "FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!" and notes that the recipient's "network will be DDoS-ed starting Sept 30st 2017" if the firm does not satisfy the criminals' demand in advance. It also notes that the price for terminating the attack once it starts will be 20 Bitcoin (about $78,000), going up by 10 Bitcoin ($39,000) per day until the fee is paid.
At this point, it is hard to know if the person or people behind the emails are the same as the party that launched various DDoS attacks in the past for which "Phantom Squad" has claimed responsibility. It could be the same party - or it could be someone leveraging the name to scare organizations into paying up.
In fact, anecdotally speaking, it seems that whoever is behind the present extortion attempts may not have the capabilities to deliver on his or her threat; typically, when someone threatens to carry out a DDoS attack, he or she will demonstrate possession of the relevant capabilities (by greatly increasing the traffic to the target site for a short period of time) before making a demand. In the present case, however, the criminal(s) involved have apparently not demonstrated any prowess. Likewise, the lack of specific targets seems unusual for a DDoS threat. Furthermore, the present extortion email is not a new form of threat - it is similar in nature and content to prior threats, including some seen for several months last year that were signed by "Armada Collective."
That said, there have been criminal groups (for example, DD4BCm) that did follow through on threats of an attack when extortion demands were not met.
What should you do if you received the email?
Do not pay the criminals anything.
As alluded to above, there is good reason to believe that you will not suffer any adverse consequences: the threats have been sent to an unusually large number of unrelated parties and the criminals have not demonstrated that they can actually carry out their threats. Furthermore, even if the threats are real, who is to say that paying the extorted amount now won't just cause the criminals to demand more in the future? Contacting the criminals is also unwise - why let them know that you received the email and are concerned?
Instead, make sure that you have DDoS protection in place. There are many firms that offer various forms of protection.
Also, be sure to see my piece running later this week in which I will discuss an emerging technology that may help make DDoS attacks a "thing of the past."