Skip to main content

A hacker group is threatening VPN providers with DDOS attacks

brian krebs project shield ddosattack
Image used with permission by copyright holder
BlackVPN, a provider of virtual private network (VPN) software, has refused to pay a ransom demand from hacker group Armada Collective, which threatened to unleash a DDOS attack on the company if it didn’t pay up.

According to a blog post, BlackVPN received an email threat from the group demanding it pay 10.08 bitcoins (about $4,600) by Monday or “yours [sic] service going down” and the ransom demand will go up in price every day of non-payment. “Bitcoin is anonymous, nobody will ever know you cooperated,” said the email.

Image used with permission by copyright holder

Armada Collective is allegedly the group of hackers that targeted encrypted email service Protonmail last year and successfully nabbed nearly $6,000 from the Swiss company after pummeling its servers with traffic.

It’s unclear if the people threatening BlackVPN are the same group or just copycats. As with Anonymous, it’s almost impossible to verify when someone claims to be speaking on behalf of the group. A report in December even pointed out how these hacker groups are regularly imitated.

BlackVPN said it received the threat last Monday, April 18, and has been preparing for the alleged DDOS onslaught that was promised today.

The VPN provider acknowledged that on Saturday, April 16, disruptions to its network were caused by a small DDOS attack that it was not prepared for. No intrusions were detected, it added. The company has said that since then, it has been preparing to withstand a possible attack, and it told customers that they are safe.

“The threat is only against BlackVPN’s systems and attacking our service will not compromise or threaten our customers’ privacy or security,” it wrote. “The worst case scenario is that our VPN service and support systems are unavailable during the attack.”

The blog post added that it was aware of two other VPN providers that have received similar threats, but did not name them.

“We hope that our transparency will encourage other VPN services to speak up if they have also received a blackmail threat — now and in the future,” said the company.

Last week, the VPN service Cloak received a very similar email, also demanding around 10 bitcoins. That company also denied the extortion attempt and it does not appear to have suffered any major downtime since then.

But the hacker group has had some success allegedly. SCRYPTmail, another encrypted email provider, received a ransom of 10.12 bitcoin this past weekend when faced with the same threats from Armada Collective and paid a tiny fraction of it, just a couple of cents.

It’s not clear if Armada Collective is the same group that is behind the threats to Cloak, SCRYPTmail, and other VPNs. If so, the cyber criminals may be sending out multiple threats to VPN providers just to see if anyone will bite. According to BlackVPN, the group would only be effective in attacking one service at a time.

Editors' Recommendations

Jonathan Keane
Former Digital Trends Contributor
Jonathan is a freelance technology journalist living in Dublin, Ireland. He's previously written for publications and sites…
Cloudflare just stopped one of the largest DDoS attacks ever
Hands on a laptop.

Cloudflare, a company that specializes in web security and distributed denial of service (DDoS) attack mitigation, just reported that it managed to stop an attack of an unprecedented scale.

The HTTPS DDoS attack was one of the largest such attacks ever recorded, and it came from unusual sources -- data centers.

Read more
Microsoft stopped the largest DDoS attack ever reported
Nvidia T4 Enterprise Server Wall

Distributed Denial-of-Service (DDoS) attacks have become more common, and Microsoft recently published a blog post looking into the trends for such attacks on its own servers. In that post, the company says that, at one point, it stopped one of the largest-ever-recorded DDoS attacks on a Microsoft Azure server in Asia.

According to Microsoft's data, in November, an unnamed Azure customer in Asia was targeted with a DDoS attack with a throughput of 3.47 Tbps and a packet rate of 340 million packets per second (pps.) The attack came from 10,000 sources from multiple countries across the globe, including China, South Korea, Russia, Iran, and Taiwan. The attack itself lasted 15 minutes. Yet it is not the first one of such scale, as there were two additional attacks, one of 3.25 Tbps and another of 2.55 Tbps in December in Asia.

Read more
Cloudflare reports a massive 175% increase in DDoS attacks
Person using laptop with security graphics in front.

Cloudflare, a web infrastructure and security company, has just released a report titled "DDoS Attack Trends for Q4 2021." According to Cloudflare, 2021 has been a particularly bad year in terms of DDoS attacks.

Ransom distributed denial of service (DDoS) attacks increased by over 175 percent quarter over quarter, highlighting the large scale of the problem described by Cloudflare.

Read more