A group calling itself XMR Squad spent the past week launching DDoS attacks against German businesses and then contacting the same companies to tell them to pay €250 for “their testing of DDoS protection systems.”
German DDoS protection firm Link11 has reported attacks against Hermes, AldiTalk, DHL, Snipes.com, the State Bureau of Investigation Lower Saxony, Freenet, and the website of the state of North Rhine-Westphalia.
DDoS attacks were powerful and well targeted
The attack against DHL Germany was very effective: it shut down DHL’s business customer portal and all its APIs, prompting eBay Germany to issue an alert about possible issues with packages sent using DHL.
“They seem to know what to hit,” said Daniel Smith, a security researcher for Radware and one of the main people currently keeping tabs on all these attacks.
The group sent emails to all the companies it targeted. In these emails, it did not ask for a ransom to stop the attacks, but for a fee for having already carried out what it calls a DDoS protection test.
Generally, groups of this type launch DDoS attacks and then email the victims to request ransom payments to stop the attacks. XMR Squad’s emails instead looked like invoices for an unrequested DDoS test.
Further, the ransom note did not include payment instructions, which is weird, to say the least. DDoS ransoms are generally handled in Bitcoin or another cryptocurrency. It is strange to see the group ask for payment in a normal currency, euros, given that its name includes the term XMR, which is the short name for Monero, an anonymous cryptocurrency.