In the latest developments, it has been found that Fancy Lazarus cybergang has been actively targeting organizations with ransom DDoS attacks, as has been reported by Proofpoint.
Malicious Fancy Lazarus new tactics:
According to the latest Proofpoint research, Fancy Lazarus has been transmitting targeted emails to several U.S based organizations.
These emails reportedly consist of threatening Ransom DDoS attacks to these organizations and it appears as though the Fancy Lazarus APT is conducting yet another cybercrime campaign after their last spotting back in October 2020.
Detailing the RDDoS attack that is deployed by FancyLazarus, the research provided that the victims are treated about the cyberattack in seven days and if they fail to meet the ransom demand, the damage of a potential to the organization is also issued by the threat actors. The group threatens to launch a small DDoS attack with an attack speed of 2Tbps.
Also read,
Threatening organizations with extortion emails:
The malicious extortion emails are deployed to the target organizations in an HTML-based plain text or a JPG mage to avoid detection.
Subsequently, these emails are forwarded to specific receipts who likely listest as contacts in BGP, WHOIS information, or who are working in external relations, communications, and investor relations domains.
According to Proofpoint researchers, the majority of the targeted organizations are observed to be invested in multiple sectors such as financial, public services, retail, insurance, and so forth.
Fancy Lazarus is apparently demanding ransom with the starting bid as 2 BTC which evaluates to approximately $75,000 at the time of writing the article, so as to avoid the DDoS attack.
If the organization fails to meet the primary deadline of the ransom demands, the ransom price doubles to 4 BTC and keeps on increasing by 1 BTC for every delayed day.
Experts are of the opinion that it is rather hard to make a definitive connection, however, the timing of Fancy Lazarus campaigns is similar to high-profile ransomware attacks that happened in the past six months in the same industries.
A definitive hit ratio of the latest campaign of malicious Fancy Lazarus has not been put forth as of yet but is safe to assume that even a low or average hit ratio is a profitable tactic.