‘Fancy Lazarus’ Cyberattackers Ramp up Ransom DDoS Efforts
2021-06-10 21:54

The new name is a tongue-in-cheek combination of the Russia-linked Fancy Bear advanced persistent threat and North Korea's Lazarus Group.

According to Proofpoint, this time around the gang has been sending threatening, targeted emails to various organizations, including those operating in the energy, financial, insurance, manufacturing, public utilities and retail sectors, asking for a two-Bitcoin starting ransom if companies want to avoid a crippling DDoS attack.

The targets are mostly located in the U.S. While it's hard to make a definitive correlation, the timing of some of the Fancy Lazarus campaigns corresponds with high-profile ransomware attacks over the past six months, in terms of targeting the same vertical industries, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

The emails announce that the organization is being targeted by Fancy Lazarus, and they threaten a DDoS attack in seven days if the target doesn't pay up, according to an analysis on Thursday from Proofpoint.

While it's impossible to know the success rate of the Fancy Lazarus campaigns, "Given the potentially substantial financial payoff for relatively little work on the threat actor's part, a low success rate would still make this a worthwhile tactic," DeGrippo noted.

In February, the REvil ransomware gang started adding DDoS attacks to its campaigns in an effort to ratchet up the pressure to pay.


News URL

https://threatpost.com/fancy-lazarus-cyberattackers-ransom-ddos/166811/