A hacker group is threatening VPN providers with DDOS attacks

brian krebs project shield ddosattack

BlackVPN, a provider of virtual private network (VPN) software, has refused to pay a ransom demand from hacker group Armada Collective, which threatened to unleash a DDOS attack on the company if it didn’t pay up.

According to a blog post, BlackVPN received an email threat from the group demanding it pay 10.08 bitcoins (about $4,600) by Monday or “yours [sic] service going down” and the ransom demand will go up in price every day of non-payment. “Bitcoin is anonymous, nobody will ever know you cooperated,” said the email.


Armada Collective is allegedly the group of hackers that targeted encrypted email service Protonmail last year and successfully nabbed nearly $6,000 from the Swiss company after pummeling its servers with traffic.

It’s unclear if the people threatening BlackVPN are the same group or just copycats. As with Anonymous, it’s almost impossible to verify when someone claims to be speaking on behalf of the group. A report in December even pointed out how these hacker groups are regularly imitated.

BlackVPN said it received the threat last Monday, April 18, and has been preparing for the alleged DDOS onslaught that was promised today.

The VPN provider acknowledged that on Saturday, April 16, disruptions to its network were caused by a small DDOS attack that it was not prepared for. No intrusions were detected, it added. The company has said that since then, it has been preparing to withstand a possible attack, and it told customers that they are safe.

“The threat is only against BlackVPN’s systems and attacking our service will not compromise or threaten our customers’ privacy or security,” it wrote. “The worst case scenario is that our VPN service and support systems are unavailable during the attack.”

The blog post added that it was aware of two other VPN providers that have received similar threats, but did not name them.

“We hope that our transparency will encourage other VPN services to speak up if they have also received a blackmail threat — now and in the future,” said the company.

Last week, the VPN service Cloak received a very similar email, also demanding around 10 bitcoins. That company also denied the extortion attempt and it does not appear to have suffered any major downtime since then.

But the hacker group has had some success allegedly. SCRYPTmail, another encrypted email provider, received a ransom of 10.12 bitcoin this past weekend when faced with the same threats from Armada Collective and paid a tiny fraction of it, just a couple of cents.

It’s not clear if Armada Collective is the same group that is behind the threats to Cloak, SCRYPTmail, and other VPNs. If so, the cyber criminals may be sending out multiple threats to VPN providers just to see if anyone will bite. According to BlackVPN, the group would only be effective in attacking one service at a time.