DDoS Erpressung per E-Mail von Fancy Bear und Cozy Bear

Aktuell geht wieder eine Erpresser E-Mail durch das Internet.
Diesmal wird damit gedroht, die Webseite mit DDoS (Distributed Denial of Service) anzugreifen, damit die Webseite nicht mehr erreichbar ist.
Es wird dazu aufgefordert, einen hohen Geldbetrag (1050 USD) an die folgende Bitcoin Wallet zu senden:

13NzNVj9UDQs2FLHxdmaXbmWwYHmQFk3FH

Es wird auch eine Dringlichkeit suggeriert, indem sich der Betrag erhöhen soll, wenn man nicht rechtzeitig überweist.

Bitte auf keinen Fall einer Zahlung nachkommen, da es sich hier um einen Betrugsversuch / Scam handelt!

Hier der ganze Text der Mail:

Von: Johnny Fisher <johnny-fisher@coronaxy.com>
Gesendet: Dienstag, 27. Oktober 2020 15:30
An: xxx
Betreff: If xxx, xxx is important to you, you must read this

PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

==========================================

We are the Fancy Bear and we have chosen your company as target for our next DDoS attack.
Please perform a google search for "Fancy Bear" to have a look at some of our previous work.

Your network will be subject to a DDoS attack starting at 2020 November 2nd (Monday).

THIS IS NOT A JOKE, and to prove it right now we will start a small attack on xxx, xxx that will last for 30 minutes.
It will not be heavy attack, at this moment.

What does this mean?

This means that your website and other connected services will be unavailable for everyone.
Please also note that this will severely damage your reputation amongst your users / customers.

How to stop this?

We are willing to refrain from attacking your servers for a small fee.

The current fee is $1050(USD) in bitcoins (BTC).
The fee will increase by 1000 USD for each day after 2020 November 2nd that has passed without payment.

Please send Bitcoin to the following Bitcoin address (cAsE-SeNsitIve):

13NzNVj9UDQs2FLHxdmaXbmWwYHmQFk3FH

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM.
We suggest you coinmama.com or buy.coingate.com for buying bitcoins.

Once you have paid we will automatically get informed that it was your payment.
Please note that you have to make payment before the deadline (2020 November 2nd ) or the attack WILL start!

What if you don't pay?

If you decide not to pay, we will start the attack on the indicated date and uphold it until you do,
there's no counter measure to this, you will only end up wastingmore money trying to find a solution (Cloudflare, Sucuri, Imperva and similar
services are useless, because we will hit your network directly).

We will completely destroy your reputation and make sure your services will remain offline until you pay.
We will also download your database and do as much damage as possible.

Do not reply to this email, don't try to reason or negotiate, we will not read any replies.

Once you have paid we won't start the attack and you will never hear from us again.

Please note that Bitcoin is anonymous and no one will find out that you have complied.

-- Fancy Bear team

Update 1:

Es ist auch noch eine zweite Mail im Umlauf um mit dem Absender “– Cozy Bear team” und der Bitcoin Wallet

1A7SyBZ95TmLfyMe5RvXToWrQnuMAqgp9q

Ansonsten ist die Mail identisch mit der vom “Fance Bear team”.

Lediglich der Absender und der Betreff unterscheiden sich:

Von: Alexander Lee <alexanderlee@coronaxy.com>
Gesendet: Dienstag, 27. Oktober 2020 13:19
An: xxx
Betreff: Your website xxx, xxx is in danger

 

Update 2:

Es ist noch eine weitere Bitcoin Wallet im Umlauf, auf die Bitcoins eingezahlt werden sollen:

1BfPkfWHPJKocbeCrDigLy8BDnZKycNc87
Letzte Artikel von Norbert Hofmann (Alle anzeigen)

Norbert Hofmann

Ich bin ein leidenschaftlicher ITler und ich liebe IT-Security. In meiner Freizeit tanze ich sehr gerne Standard.