Home / Blogs

Lessons to Be Learned from the Armada Collective’s DDoS Attacks on Greek Banks

‘It could’ve been worse’ is a fascinating expression. It implies that the incident in question obviously could have been worse than expected, however it also implies that it could have been better, ultimately leading to the conclusion that it was at least somewhat bad.

So both fortunately and unfortunately for three Greek banks, the ransom DDoS attacks levied against them by hacker group the Armada Collective could have been worse.

What could have been a Greek Tragedy?

In the beginning of last December, three separate Greek banks were hit with DDoS attacks. The origin of the attacks was no secret. Each of the banks received similar messages: pay a ransom in bitcoin to a group called the Armada Collective, and the attacks will stop.

None of these banks paid the ransom. Instead, they contacted the authorities as well as the Greek central bank. However, just because the ransom wasn’t paid does not mean the attacks weren’t successful. Online banking services for each of these banks were blocked for several hours.

Why it could have been worse

The banks were quick to confirm that attackers were not able to penetrate the banks’ security, did not gain access to accounts, and did not obtain the personal or financial information or data of any customer. No customers’ money was at risk at any point during the attack. With massive data breaches of companies ranging from Target to VTech to Ashley Madison, it comes as a huge relief that these DDoS attacks were just DDoS attacks, and not smokescreens for malware or intrusions.

Why it could have been better

Damage sustained in DDoS attacks isn’t simply measured in dollars and cents or in compromised customer information. The fact alone that web banking services went down for several hours is a major loss for each one of these banks.

These attacks worked well enough to compromise services, which naturally erodes customer confidence, and may result in many customers moving their money to banks they feel are more secure. It is this unsightly damage that can lead to long-term effects all from a DDoS attack.

A history of ransom

Regardless of how the mainstream media may cover this type of attack, there’s nothing new about DDoS ransom attacks. The Armada Collective was already a known entity in the DDoS ransom attack game, hitting private email services such as Zoho, Runbox and FastMail. A fourth private email service, ProtonMail, was hit so hard that other companies using the same data center went down due to the attack. As a result of the pressure it faced from being the target of such a large-scale attack, ProtonMail paid the ransom (see at ZDNET).

Perhaps the best known DDoS ransom group, however, is DD4BC—Distributed Denial for Bit Coin. According to DDoS protection services provider Imperva Incapsula, DD4BC has launched high profile ransom DDoS attacks against gaming sites, bitcoin exchanges and the payment industry.

What site owners need to learn from this?

If you’re thinking you can breathe easy because your site or business is nowhere near as big as a Greek bank and therefore will not be a target of DDoS ransom notes, think again. DDoS ransom notes are still happening simply because they’re still working. For every Greek bank that contacts the authorities, there will be a ProtonMail that capitulates to the monetary demand.

DDoS ransom notes hit websites both big and small. So though your site may never make it on the list of a bigtime attack group like DD4BC or the Armada Collective, it could very well end up on a random list generated by some kid who has $30 to spare and a few minutes a day to spend on a booter or stresser—a ‘DDoS for hire’ service—not to mention the list of one of your unscrupulous competitors who has the same few dozen dollars and time to spare.

Don’t let ‘it could’ve been worse’ happen to you

If you get a DDoS ransom note, don’t pay the ransom. All it will do is mark you as an easy target, one who doesn’t have professional DDoS protection.

The best advice is to get professional DDoS protection. With this, you can ignore DDoS ransom notes with confidence, and your site or business can conduct business as usual knowing you and your users aren’t at risk from the consequences of a DDoS attack.

DDoS Impact Survey Reveals the Actual Cost of DDoS Attacks by Incapsula  (Click to Enlarge Image)

By Meg Bear, Senior VP, General Manager Cloud Services at Imperva

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix


Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign