Recently, cybercriminals have enjoyed unprecedented popularity with encryption programs that generate income through extortion. A vivid example is the recent attacks using extortion software WannaCry and Petya. In addition to cryptographers, cybercriminals also resort to extortion of a different kind. Attackers require ransom organizations, threatening otherwise to arrange for their servers a large-scale DDoS-attack.

A few years ago, the Armada Collective group. Out of fear of being attacked, its victims agreed to pay ransom, and cybercriminals "earned" more than $ 100 thousand. , Without moving a finger. Alleged members of the group were arrested in January last year, but now, it seems, Armada Collective (or someone else using the "untwisted" name) is back in the ranks.

According to the South Korean news agency Yonhap, the group blackmails local banks, demanding $ 315,000. In bitocans. If the organization refuses to pay, cybercriminals threaten to bring down on it a powerful DDoS attack. Among the banks that fell under the sights of cybercriminals are KB Kookmin Bank, Shinhan Bank, Woori Bank, KEB Hana Bank and NH Bank.

According to IB experts from the South Korean company Hauri Labs, the attackers were inspired by the recent incident with the local hosting provider NAYANA.

The company's servers were attacked by extortion software Erebus, and for their restoration, the management of NAYANA agreed to pay $ 1 million to the attackers. Nevertheless, experts believe that banks are reliably protected against possible DDoS attacks.

The repayment period ended on Monday, June 26, but the sites of financial organizations continue to operate. With what it is connected, it is not known. Perhaps the banks paid a ransom, or the attacks failed. It is also possible that in fact, extortionists do not have the necessary resources to implement DDoS attacks, and their threats were not grounded.