Armada Collective, the hackers that launched DDoS attacks on ProtonMail, are back and are targeting several Greek banks, using the same DDoS-for-Bitcoin extortion scheme.
Unlike the ProtonMail debacle, when the secure email provider agreed to pay the hackers’ ransom, this time around, bankers contacted local law enforcement, as Greek newspaper Kathimereini is reporting.
The attacks started on Thursday, November 26, and continued through this week. Three unnamed Greek banks were targeted, and Armada Collective hackers asked for 20,000 Bitcoin ($7,210,000 / €6,790,000) from each of them.
Yanni Koutsomitis, Eurozone analyst and managing director at Imperial Media, said that, on Monday, Greek authorities brought in FBI specialists to help with the investigation and countering the cyber-attack.
During the DDoS on ProtonMail, after the initial attacks that convinced ProtonMail management to pay the ransom, subsequent DDoS attacks grew in intensity. Armada Collective denied responsibility for the subsequent attacks, which were many times stronger than the early ones.
Many believed the hackers’ explanation and suspected that a state-sponsored actor quietly got on the line and was taking revenge on the secure email provider labeled as “NSA-proof.”
The attacks on the Greek banks now confirm that Armada Collective is a serious threat and has the power to cripple an entire nation’s financial institution.
Previous Armada Collective targets include Hushmail, Runbox, and a few Internet Service Providers from Switzerland. None of them paid the ransom.