The Australian Cybersecurity Center, established by the country’s Radio Defense Department, warned that banks and other financial institutions in Australia have become the victims of a massive extortion campaign. Unknown attackers are sending letters en masse in which they threaten to launch DDoS attacks on financial institutions unless they are paid a large amount in the Monero cryptocurrency.
The threats to Australian financial institutions, which have become more frequent over the past week, are part of a global DDoS extortion campaign that dates back to October 2019. Initially, such threats were sent specifically to banks and other companies in the financial sector, but then the hackers turned their attention to other industries. For example, banks in Singapore and South Africa, telecommunications companies in Turkey, Internet service providers in South Africa, and gambling sites in Southeast Asia received threatening extortion messages.
ZDNet notes that in most cases the attackers did not carry out their threats. However, according to its journalists, some of the attackers’ targets were indeed subjected to DDoS attacks (which ones is not specified).
The hack group behind this campaign regularly changes the name with which it signs the extortion messages. Initially, the hackers used the name Fancy Bear, which belongs to a famous Russian-speaking APT. Then they turned to the name Cozy Bear, which belongs to another well-known Russian-speaking hack group that was accused of hacking the National Committee of the Democratic Party of the United States on the eve of the 2016 elections. Other names the extortionists have hidden behind at various times are Anonymous, Carbanak, and Emotet. Currently, the group uses the name Silence, which belongs to a group that steals millions of dollars from banks in Eastern Europe, South and Central Asia, as well as African countries.
The Australian Cybersecurity Center stresses that the cybercriminals have not yet carried out any of their threats against the country’s banks. Experts recommend that organizations not pay the ransom to the scammers and that they prepare in advance for possible attacks, should they occur.