Online extortion threat targets Australian and New Zealand organisations

An unknown group is demanding payment in bitcoins to pre-empt denial-of-service attacks.

New Zealand's National Cyber Security Centre (NCSC), a division of the Government Communications Security Bureau (GCSB), warned companies overnight of an extortion campaign targeting New Zealand organisations.

An unknown group is threatening denial-of-service (DoS) attacks unless a payment is made, the NCSC said.

According to another group, the New Zealand Internet Task Force (NZITF), similar threats are being made against Australian organisations as well.

The NCSC said that, to demonstrate the threat is credible, organisations are hit with a short-duration DoS attack, lasting up to an hour, shortly after they receive the extortion email.

The NCSC said it is not currently aware of any instances where the threat to carry out a more sustained attack has been realised.

The NZITF said on Thursday that emails received have threatened to take down an organisation's internet links unless substantial payments in bitcoin are made.

"The networks of at least four New Zealand organisations that NZITF knows of have been affected so far," said NZITF chair Barry Brailey. "A number of Australian organisations have also been affected."

Brailey said the emails contain statements such as:

"Your site is going under attack unless you pay 25 bitcoin."

"We are aware that you probably don't have 25 BTC at the moment, so we are giving you 24 hours."

The emails may also provide links to news articles about other attacks the group has conducted.

The NZITF is urging firms not to pay, because paying makes an organisation a likely target for further exploitation.

The NCSC advised affected organisations to contact their internet service providers to discuss mitigation.

"Where applicable, temporarily transfer online services to cloud-based hosting providers that have the ability to withstand DoS attacks," it said.

"Use a denial-of-service mitigation service for the duration of the DoS attack. Disable website functionality or remove content that is being specifically targeted by the DoS attack. For example, search functionality, dynamic content, or large files."

The NZITF said that if the DoS attacks are conducted over non-critical services (especially SSDP and NTP), blocking the relevant ports may provide temporary mitigation.