A group called the Armada Collective have been sending emails to businesses threatening them with Distributed Denial of Service (DDoS) attacks unless they pay a fee in bitcoins. The threat is that unless they pay, a huge DDoS attack will take their systems offline.
Although, it seems, that DDoS attack never comes. CloudFlare are reporting that, although hundreds of their customers have received such threats, none of them have ever been hit with a DDoS attack even if they haven't paid the so-called "protection fee". Unfortunately, despite the empty threat, Bitcoin analysts have identified that Armada Collective have received more than $100,000 USD as a result of their threats.
DDoS attacks can be extremely hard to mitigate, and can be very costly to businesses whilst their systems are inaccessible - a fact that the Armada Collective are clearly cashing in on. What would your business do if you received such a threat?
Given that the attackers can't tell who has paid the extortion fee and who has not, it is perhaps not surprising to learn that they appear to treat all victims the same: attacking none of them. To date, we've not seen a single attack launched against a threatened organization. This is in spite of nearly all of the threatened organizations we're aware of not paying the extortion fee.