Please update your browser.

Our site no longer supports this browser. Using another one will help provide a better experience.


The Reemergence Of Ransom-Based Distributed Denial Of Service (RDDoS) Attacks

Written by Black Lotus Labs

Device screen showing piles of ransom money demanded by cybercriminals



We are Armada Collective.


All your servers will be DDoS-ed starting next Monday (August 17th, 2020, 6 days later) if you don’t pay 5 Bitcoins @ [Bitcoin wallet]



If you don’t pay by Monday, attack will start, price to stop will increase to 10 BTC and will go up 5 BTC for every day of attack.


If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.


This is not a joke.


Our attacks are extremely powerful – sometimes over 1.5 Tbps per second. So, no cheap protection will help.


Do not reply, we will probably not read. Pay and we will know it’s you. AND YOU WILL NEVER AGAIN HEAR FROM US!

Please perform a google search for “Lazarus Group” to have a look at some of our previous work.


Also, perform a search for “NZX” or “New Zealand Stock Exchange” in the news. You don’t want to be like them, do you?

Introducing The Kadyrovtsy

Likely due to their success, we are now seeing other criminals trying to monetize this same RDDoS crime. One group that we recently observed has used the display name “The Kadyrovtsy,” At this time, we believe that this entity is operating independently of the previously mentioned cybercrime entity. Snippets from a ransom note sent on Nov. 18 and associated with this particular group can be found below:

now we run small attack demo on only small part of network for 3 hours to proof we are not bluff


in not payed after Monday total attack start for long time on all your network and you lose badly and we rise price to stop it


if you pay well no attack more and you never hear us again

General RDDoS Guidance And Considerations

While the area of RDDoS is still in its adolescence compared to more established cybercrimes, Black Lotus Labs assesses that this type of threat is likely to continue to impact organizations for the foreseeable future. As is evident with the emergence of The Kadyrovtsy, we suspect that RDDoS will likely expand to become another facet of the cybercrime landscape.


We recommend that organizations not pay the ransom demand, as paying only further fuels this illicit business model. Even if a company does pay, there are no assurances that the criminal organization would then stop their attack. Similarly, even if an organization pays off one group, the victim could subsequently receive another ransom note from a different cybercrime group.


To best protect against DDoS attacks, companies should consider a DDoS mitigation service, which helps prevent attack traffic from overwhelming resources. Companies can also consider deploying applications across highly distributed infrastructure, or working to make it difficult to enumerate their public infrastructure.


Black Lotus Labs will continue use its visibility into attacks and Bitcoin trading to track these actors and their activity. In addition, we will continue our work to raise the costs for cybercriminals by reporting and removing attack infrastructure and wallets.


Black Lotus Labs

The mission of Black Lotus Labs is to leverage our network visibility to help protect customers and keep the internet clean.

This blog is provided for informational purposes only and may require additional research and substantiation by the end user. In addition, the information is provided “as is” without any warranty or condition of any kind, either express or implied. Use of this information is at the end user’s own risk. Lumen does not warrant that the information will meet the end user’s requirements or that the implementation or usage of this information will result in the desired outcome of the end user. ©2021 Lumen Technologies. All Rights Reserved.

Related Articles

How To Relieve The Management Burden Of Multi-Cloud

How To Relieve The Management Burden Of Multi-Cloud

Cloud services are an inextricable part of today’s enterprise operations. It would be unusual to find any business using only a single cloud provider or environment.

The Reemergence Of RDDoS Attacks

The Reemergence Of RDDoS Attacks

These attacks – known as Ransom Distributed Denial of Service (RDDoS) – could not have come at a worse time, as many businesses have become entirely dependent on their internet connectivity to comply with COVID-19 restrictions imposed for safety or compliance with local law.

Why Aren’t You A Technology Company Yet?

Why Aren’t You A Technology Company Yet?

Successful technology companies understand how to identify challenges and turn them into opportunities, especially when it allows them to define a marketplace that isn’t yet mature.