[AusNOG] ATTENTION: Ransom request!!!

Tom Paseka tom at cloudflare.com
Sun Jul 10 12:42:05 EST 2016


As a reminder to all, don't pay. Don't ever pay. Most of these messages are
fake, and even if they're not and you pay them, they'll just keep coming
back for more.

-Tom

On Sat, Jul 9, 2016 at 6:21 PM, Keith Anderson <keitha at apcs.com.au> wrote:

> Hi All,
>
> Well, the time came and went; it was as disappointing as Y2K, a non-event.
>
> Have a good weekend all, what's left of it…
>
> Thanks
> Keith
>
>
>
> apcs
> Keith Anderson | Managing Director
> AUS Mobile. +61 400 947 947  Fax. 1300 7654 27
> PNG Phone. +675 303 1236  Mobile. +675 76 947 947  Fax. +675 325 9066
> Email. keitha at apcs.com.au | Web. www.apcs.com.au
>
>
>
> On 9 Jul 2016, at 1:55 AM, Luca Salvatore <luca at digitalocean.com> wrote:
>
> They are fake... nothing ever happens.  We've had a bunch of threats from
> them and it never eventuates into anything.
>
> On Fri, Jul 8, 2016 at 9:21 AM, A <clonemeagain at gmail.com> wrote:
>
>> Cloudflare have an interesting article on it:
>> https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
>> On 8 Jul 2016 11:15 pm, "Keith Anderson" <keitha at apcs.com.au> wrote:
>>
>>> Hi All,
>>>
>>> Glad we have DoS filtering in place, hope it works.
>>>
>>> Received this one yesterday.
>>>
>>> Have a good weekend all,
>>>
>>> ### HEADER
>>>
>>> Received: from removed [x.x.x.x])
>>> by removed (Postfix) with ESMTP id E077333F9F
>>> for <systemadmin at removed>; Thu,  7 Jul 2016 15:04:38 +1000 (PGT)
>>> X-ASG-Debug-ID: 1467867840-06ff6519594ed72d0001-Vn5JKc
>>> Received: from ks3293195.kimsufi.com (ks3293195.kimsufi.com [5.135.186.134])
>>> by filter1-removed with ESMTP id zxmM3rWeIgLfLFeL for <Removed>; Thu, 07
>>> Jul 2016 05:04:02 +0000 (GMT)
>>> X-Barracuda-Envelope-From: armada.collective at gmail.com
>>> X-Barracuda-Effective-Source-IP: ks3293195.kimsufi.com[5.135.186.134]
>>> X-Barracuda-Apparent-Source-IP: 5.135.186.134
>>> From: Armada Collective <armada.collective at gmail.com>
>>> To: <sysadmin at removed>
>>> Subject: ATTENTION: Ransom request!!!
>>> X-Barracuda-Connect: ks3293195.kimsufi.com[5.135.186.134]
>>> X-Barracuda-Start-Time: 1467867841
>>> X-Barracuda-URL: XXX
>>> X-ASG-Orig-Subj: ATTENTION: Ransom request!!!
>>> X-Barracuda-Scan-Msg-Size: 1266
>>> X-Virus-Scanned: by bsmtpd at XXXX
>>> X-Barracuda-BRTS-Status: 1
>>> X-Barracuda-Spam-Score: 2.00
>>> X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of
>>> TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE,
>>> MISSING_MID, PLING_PLING
>>> X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.3.31081
>>> Rule breakdown below
>>>  pts rule name              description
>>> ---- ---------------------- --------------------------------------------------
>>> 0.14 MISSING_MID            Missing Message-Id: header
>>> 1.40 MISSING_DATE           Missing Date: header
>>> 0.46 PLING_PLING            Subject has lots of exclamation marks
>>> Message-ID: <20160707050438.7DECC16CC0B3 at filter1-XXX>
>>> Date: Thu, 7 Jul 2016 05:04:38 +0000
>>> Return-Path: armada.collective at gmail.com
>>> MIME-Version: 1.0
>>> Content-Type: text/plain
>>> X-MS-Exchange-Organization-Network-Message-Id:
>>> 07157968-b5a4-4cfa-da65-08d3a624c308
>>> X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
>>> X-MS-Exchange-Organization-AuthSource: POM.local
>>> X-MS-Exchange-Organization-AuthAs: Anonymous
>>> ### END FULL HEADER
>>>
>>>
>>> -----Original Message-----
>>> From: Armada Collective [mailto:armada.collective at gmail.com]
>>> Sent: Thursday, 7 July 2016 3:05 PM
>>> To: Removed
>>> Subject: ATTENTION: Ransom request!!!
>>>
>>> FORWARD THIS MAIL TO WHOEVER IS IMPORTANT IN YOUR COMPANY AND CAN MAKE
>>> DECISION!
>>>
>>> We are Armada Collective.
>>>
>>> All your servers will be DDoS-ed starting Saturday (Jul 9 2016) if you
>>> don't pay 5 Bitcoins @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC
>>>
>>> When we say all, we mean all - users will not be able to access sites
>>> host with you at all.
>>>
>>> Right now we will start 15 minutes attack on your site's IP X.X.X.X It
>>> will not be hard, we will not crash it at the moment to try to minimize
>>> eventual damage, which we want to avoid at this moment. It's just to prove
>>> that this is not a hoax. Check your logs!
>>>
>>> If you don't pay by Saturday, attack will start, price to stop will
>>> increase by 5 BTC for every day of attack.
>>>
>>> If you report this to media and try to get some free publicity by using
>>> our name, instead of paying, attack will start permanently and will last
>>> for a long time.
>>>
>>> This is not a joke.
>>>
>>> Our attacks are extremely powerful - sometimes over 1 Tbps per second.
>>> So, no cheap protection will help.
>>>
>>> Prevent it all with just 5 BTC @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC
>>>
>>> Do not reply, we will probably not read. Pay and we will know its you.
>>> AND YOU WILL NEVER AGAIN HEAR FROM US!
>>>
>>> Bitcoin is anonymous, nobody will ever know you cooperated.
>>>
>>> ———————————
>>>
>>>
>>>
>>>
>>>
>>> apcs
>>> Keith Anderson | Managing Director
>>> AUS Mobile. +61 400 947 947  Fax. 1300 7654 27
>>> PNG Phone. +675 303 1236  Mobile. +675 76 947 947  Fax. +675 325 9066
>>> Email. keitha at apcs.com.au | Web. www.apcs.com.au
>>>
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>>
>>
>>
>
>
> --
> Luca Salvatore
> Manager, Network Team | DigitalOcean
> Phone: +1 (929) 214-7242
>
>
>
>
>
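
Added example (not part of the original thread): a triage script for the header block quoted above. It shows that the claimed gmail.com envelope sender does not match the connecting relay, lists the filter tests that fired, and pulls the payment address out as an indicator to share. The `triage()` name, the `EXPECTED_RELAYS` table and the trimmed sample are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a trimmed copy of fields quoted in the thread, with the
# folded Spam-Status header re-indented so it parses as one header.
SAMPLE = """\
X-Barracuda-Envelope-From: armada.collective at gmail.com
X-Barracuda-Connect: ks3293195.kimsufi.com[5.135.186.134]
X-Barracuda-Spam-Status: No, SCORE=2.00 using global scores of
 TAG_LEVEL=4.5 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=5.0 tests=MISSING_DATE,
 MISSING_MID, PLING_PLING
Subject: ATTENTION: Ransom request!!!

All your servers will be DDoS-ed starting Saturday (Jul 9 2016) if you
don't pay 5 Bitcoins @ 14T7TxDxhhpYtgNgrK1hpe4UsfULZDhFoC
"""

# Assumption: relay host suffixes expected for a sender domain. A production
# filter would evaluate the domain's SPF record instead of a static table.
EXPECTED_RELAYS = {"gmail.com": ("google.com",)}
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy Base58 form

def triage(raw):
    msg = message_from_string(raw)
    # 1. Does the connecting host belong to the claimed sender domain?
    env = re.search(r"(?:@| at )([\w.-]+)", msg.get("X-Barracuda-Envelope-From", ""))
    domain = env.group(1).lower() if env else None
    relay = msg.get("X-Barracuda-Connect", "").split("[")[0].strip().lower()
    expected = EXPECTED_RELAYS.get(domain, ())
    mismatch = bool(expected) and not any(
        relay == s or relay.endswith("." + s) for s in expected)
    # 2. Which filter tests fired, and did the score stay under the tag level?
    status = " ".join(msg.get("X-Barracuda-Spam-Status", "").split())
    score = re.search(r"SCORE=([\d.]+)", status)
    tag = re.search(r"TAG_LEVEL=([\d.]+)", status)
    tests = re.search(r"tests=(.*)", status)
    # 3. Payment address in the body, kept as an indicator to share or block.
    return {
        "sender_domain": domain,
        "relay": relay,
        "relay_mismatch": mismatch,
        "tests": [t.strip() for t in tests.group(1).split(",")] if tests else [],
        "below_tag_level": bool(score and tag and float(score.group(1)) < float(tag.group(1))),
        "btc_addresses": sorted(set(BTC_RE.findall(msg.get_payload()))),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The `below_tag_level` result reflects what the quoted headers show: the message scored 2.00 against a tag level of 4.5 and was delivered unmarked.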