[AusNOG] ATTENTION: Ransom request!!!

Nick Pratley nick.pratley at serversaustralia.com.au
Sun Jul 10 14:54:18 EST 2016


I've had about 5 of them in the last 3 weeks. 
Just ignore - nothing has ever come from them. 



On Sun, Jul 10, 2016 at 12:43 PM +1000, "Tom Paseka" <tom at cloudflare.com> wrote:

As a reminder to all, don't pay. Don't ever pay. Most of these messages are fake, and even if they're not and you pay them, they'll just keep coming back for more.
-TOm

On Sat, Jul 9, 2016 at 6:21 PM, Keith Anderson <keitha at apcs.com.au> wrote:

Hi All,
Well the time came and went, was as disappointing as Y2K, a non event.
Have a good weekend all, what's left of it….

Thanks
Keith

apcs
Keith Anderson l Managing Director
AUS Mobile. +61 400 947 947  Fax. 1300 7654 27
PNG Phone. +675 303 1236  Mobile. +675 76 947 947  Fax. +675 325 9066
Email. keitha at apcs.com.au l Web. www.apcs.com.au

On 9 Jul 2016, at 1:55 AM, Luca Salvatore <luca at digitalocean.com> wrote:

They are fake... nothing ever happens.  We've had a bunch of threats from them and it never eventuates into anything.

On Fri, Jul 8, 2016 at 9:21 AM, A <clonemeagain at gmail.com> wrote:

Cloudflare have an interesting article on it: https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/

On 8 Jul 2016 11:15 pm, "Keith Anderson" <keitha at apcs.com.au> wrote:

Hi All,
Glad we have DoS filtering in place, hope it works.
Received this one yesterday.
Have a good weekend all,

### HEADER

Received: from removed [x.x.x.x])
	by removed (Postfix) with ESMTP id E077333F9F
	for <systemadmin at removed>; Thu,  7 Jul 2016 15:04:38 +1000 (PGT)
X-ASG-Debug-ID: 1467867840-06ff6519594ed72d0001-Vn5JKc
Received: from ks3293195.kimsufi.com (ks3293195.kimsufi.com [5.135.186.134]) by filter1-removed with ESMTP id zxmM3rWeIgLfLFeL for <Removed>; Thu, 07 Jul 2016 05:04:02 +0000 (GMT)
X-Barracuda-Envelope-From: armada.collective at gmail.com
X-Barracuda-Effective-Source-IP: ks3293195.kimsufi.com[5.135.186.134]
X-Barracuda-Apparent-Source-IP: 5.135.186.134
From: Armada Collective <armada.collective at gmail.com>
To: <sysadmin at removed>
Subject: ATTENTION: Ransom request!!!
X-Barracuda-Connect: ks3293195.kimsufi.com[5.135.186.134]
X-Barracuda-Start-Time: 1467867841
X-Barracuda-URL: XXX
X-ASG-Orig-Subj: ATTENTION: Ransom request!!!
X-Barracuda-Scan-Msg-Size: 1266
X-Virus-Scanned: by bsmtpd at XXXX
X-Barracuda-BRTS-Status: 1
X-Barracuda-Spam-Score: 2.00
X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE, MISSING_MID, PLING_PLING
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.31081
	Rule breakdown below
	 pts rule name              description
	---- ---------------------- --------------------------------------------------
	0.14 MISSING_MID            Missing Message-Id: header
	1.40 MISSING_DATE           Missing Date: header
	0.46 PLING_PLING            Subject has lots of exclamation marks
Message-ID: <20160707050438.7DECC16CC0B3 at filter1-XXX>
Date: Thu, 7 Jul 2016 05:04:38 +0000
Return-Path: armada.collective at gmail.com
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-Organization-Network-Message-Id: 07157968-b5a4-4cfa-da65-08d3a624c308
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: POM.local
X-MS-Exchange-Organization-AuthAs: Anonymous
### END FULL HEADER


-----Original Message-----
From: Armada Collective [mailto:armada.collective at gmail.com] 
Sent: Thursday, 7 July 2016 3:05 PM
To: Removed
Subject: ATTENTION: Ransom request!!!

FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE DECISION!

We are Armada Collective.

All your servers will be DDoS-ed starting Saturday (Jul 9 2016) if you don't pay 5 Bitcoins @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC

When we say all, we mean all - users will not be able to access sites host with you at all.

Right now we will start 15 minutes attack on your site's IP X.X.X.X It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It's just to prove that this is not a hoax. Check your logs!

If you don't pay by Saturday, attack will start, price to stop will increase by 5 BTC for every day of attack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help.

Prevent it all with just 5 BTC @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC

Do not reply, we will probably not read. Pay and we will know its you. AND YOU WILL NEVER AGAIN HEAR FROM US!

Bitcoin is anonymous, nobody will ever know you cooperated.
———————————



_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net

http://lists.ausnog.net/mailman/listinfo/ausnog




-- 
Luca Salvatore
Manager, Network Team | DigitalOcean
Phone: +1 (929) 214-7242




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160710/4eb9713a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PastedGraphic-2.tiff
Type: image/tiff
Size: 46058 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20160710/4eb9713a/attachment-0001.tiff>
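
Added example, not part of the original thread: a Python triage of the headers quoted in the forwarded message, showing that the relay host does not belong to the claimed gmail.com sender domain and that the filter still scored the mail below its tag level. The `triage` and `registrable` names are hypothetical, the sample is adapted from the quoted headers, and the domain comparison is a heuristic; SPF/DKIM/DMARC evaluation is the authoritative check.

```python
import re
from email import message_from_string

# Adapted from the headers quoted in the thread (trimmed; "at" restored to "@").
SAMPLE = """\
Received: from ks3293195.kimsufi.com (ks3293195.kimsufi.com [5.135.186.134]) by filter1-removed with ESMTP id zxmM3rWeIgLfLFeL; Thu, 07 Jul 2016 05:04:02 +0000 (GMT)
X-Barracuda-Envelope-From: armada.collective@gmail.com
X-Barracuda-Connect: ks3293195.kimsufi.com[5.135.186.134]
From: Armada Collective <armada.collective@gmail.com>
Subject: ATTENTION: Ransom request!!!
X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE, MISSING_MID, PLING_PLING

(body omitted)
"""

def registrable(host):
    """Naive last-two-labels domain; fine for this sample, not a public-suffix lookup."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return human-readable findings from the gateway headers of one message."""
    msg = message_from_string(raw)
    findings = []
    # Envelope sender domain versus the host that actually connected to the filter.
    sender_dom = msg.get("X-Barracuda-Envelope-From", "").rsplit("@", 1)[-1].strip().lower()
    m = re.search(r"([^\[\s]+)\[[0-9a-fA-F.:]+\]", msg.get("X-Barracuda-Connect", ""))
    relay = m.group(1) if m else ""
    if relay and sender_dom and registrable(relay) != registrable(sender_dom):
        findings.append(f"relay {relay} is not under sender domain {sender_dom}")
    # Rules the filter itself reported, and how the total compared to its threshold.
    status = msg.get("X-Barracuda-Spam-Status", "")
    tests = re.search(r"tests=(.*)", status)
    hits = [t.strip() for t in tests.group(1).split(",")] if tests else []
    for rule in ("MISSING_DATE", "MISSING_MID"):
        if rule in hits:
            findings.append(f"filter rule {rule} fired")
    score = re.search(r"SCORE=([\d.]+)", status)
    tag = re.search(r"TAG_LEVEL=([\d.]+)", status)
    if score and tag and float(score.group(1)) < float(tag.group(1)):
        findings.append(f"score {score.group(1)} below tag level {tag.group(1)}: not tagged as spam")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE):
        print("-", line)
```
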

