Key Points
“We are the Team Xball and we have chosen your website/network as target for our next DDoS attack.”
Is this the work of an expert hacking group or just a desperate extortion attempt?
First things first: if you’ve come across this blog post because you’re worried about some rogue attack group called “Team Xball”, rest assured that this is an empty threat and merely an extortion attempt. Do not waste your time figuring out how to load a bitcoin wallet, and do not lose your business’ hard-earned cash.
Why are we so confident this is a hoax? For multiple reasons, actually:
- The attackers offer no evidence that they have the data they claim to have stolen
- Multiple clients have forwarded us identical emails, each claiming the theft of the same generic information, e.g. ‘DataBase tax forms’
- All the DDoS attacks are scheduled for the same time. If you were planning a DDoS attack, it wouldn’t make sense to hit multiple targets at the same time, since this would result in weaker attacks.
- In the email they write: “Once you have paid we will automatically get informed that it was your payment.” Nothing about the attacks they say they have carried out suggests this would even be possible; it just doesn’t make sense.
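When several clients forward a demand like this, the "identical email, same deadline" signs can be checked mechanically. The Python below is an added example, not code from the authors of this post: it groups reported emails by payment address and deadline and returns the groups that reached more than one recipient. The recipient labels are made up, and it assumes identical emails carry the same payment address.

```python
import hashlib
import re
from collections import defaultdict

# Legacy Base58 Bitcoin address shape (format match only, checksum not verified).
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
# Deadline as written in this email, e.g. "16_06_2017_7:00p.m. GMT".
DEADLINE_RE = re.compile(r"\b\d{2}_\d{2}_\d{4}_\d{1,2}:\d{2}[ap]\.m\. GMT")

def fingerprint(body):
    """Hash the body with case, spacing and punctuation differences removed."""
    words = re.findall(r"[a-z0-9]+", body.lower())
    return hashlib.sha256(" ".join(words).encode()).hexdigest()[:16]

def find_campaigns(reports, min_recipients=2):
    """Group reported emails by payment address and deadline; return the
    groups that reached at least min_recipients distinct recipients."""
    groups = defaultdict(lambda: {"recipients": set(), "bodies": set()})
    for recipient, body in reports:
        addresses = tuple(sorted(set(ADDR_RE.findall(body))))
        if not addresses:
            continue  # no payment demand to correlate on
        deadlines = tuple(sorted(set(DEADLINE_RE.findall(body))))
        group = groups[(addresses, deadlines)]
        group["recipients"].add(recipient)
        group["bodies"].add(fingerprint(body))
    return [
        {"addresses": list(key[0]), "deadlines": list(key[1]),
         "recipients": sorted(g["recipients"]), "distinct_bodies": len(g["bodies"])}
        for key, g in groups.items() if len(g["recipients"]) >= min_recipients
    ]

# Constructed reports: recipient labels are made up; wording is from the email in this post.
DEMAND = ("We are the Team Xball and we have chosen your website/network as target "
          "for our next DDoS attack. On Friday 16_06_2017_7:00p.m. GMT !!! We begin "
          "to attack your network servers and computers. Please send the bitcoin to "
          "the following Bitcoin address:\n1Mwye9g9XjmxNFingdLbXwVPnocqtQATtE\n")
SAMPLE_REPORTS = [
    ("client-a", DEMAND),
    ("client-b", DEMAND.replace("\n", "\r\n")),  # same text, different line endings
    ("client-c", "Your invoice is attached, please review."),  # unrelated mail
]

if __name__ == "__main__":
    for campaign in find_campaigns(SAMPLE_REPORTS):
        print(campaign)
```

A group with several recipients, one payment address and one deadline matches the pattern described above: a mass-mailed template in which the sender has no way to tell which recipient paid.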
Extortion and ransom-style attacks are a big focus for attackers in cyber space right now. The most recent high-profile attack was the WannaCry ransomware worm, which spread widely over the internet using the EternalBlue SMB exploit that the Shadow Brokers leaked from the NSA back in April.
Even though this time it was a hoax, WannaCry proved that there are more serious hackers out there who will act on their ransom claims if not paid. If you are concerned that your website(s) may not be fully secured, please don’t hesitate to contact us and we’ll be happy to discuss how we can help secure you from future attacks with our continuous monitoring platform.
For those interested, we post the full transcript of the email below:
“We are the Team Xball and we have chosen your website/network as target for our next DDoS attack.
Unfortunately your data was leaked in the recent hacking of the web site and we now have your information. We have DataBase tax forms, DOB, Names, Addresses, Credit card details, bank account full details and more sensitive data. Now, we can publish your details and your clients online who would damage the rating of the company and would create many problems for you.
On Friday 16_06_2017_7:00p.m. GMT !!! We begin to attack your network servers and computers. We will produce a powerful DDoS attack — up to 250 Gbps. All data will be encrypted on computers Crypto-Ransomware. You can stop the attack beginning, if payment 1 bitcoin (2900 $). Do you have time to pay. If you do not pay before the attack 1 bitcoin the price will increase to 10 bitcoins
Please send the bitcoin to the following Bitcoin address:
1Mwye9g9XjmxNFingdLbXwVPnocqtQATtE
Once you have paid we will automatically get informed that it was your payment.
What if I don’t pay?
If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers and make sure your website will remain offline until you pay. We can publish your DataBase. This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we won’t start the attack and you will never hear from us again! Please note that Bitcoin is anonymous and no one will find out that you have complied.”