It turns out you don’t even need to be a hacker to make a nice living from cybercrime. Instead, all you need to do is pretend to be one.

An enterprising extortionist appears to have stolen the identity of a notorious hacking group that came to attention late last year, using their ‘brand’ to extort cash from over a hundred companies by threatening them with Distributed Denial of Service (DDoS) attacks.

The scammer (or scammers) claim to be part of the Armada Collective, a group that carried out a series of DDoS attacks on webmail providers that refused to pay a ransom in Bitcoin last year. However, it’s believed that the group’s key members were arrested in January of this year, and the latest threats are from someone else using the group’s name for their own ends.

According to blog post by DDoS mitigation provider CloudFlare, over 100 companies have received emails from the “Armada Collective” demanding they pay a fee of between 10 and 50 Bitcoins in return for not being attacked.

“Our attacks are extremely powerful – sometimes over 1Tbps per second. And we pass CloudFlare and others’ remote protections! So, no cheap protection will help,” the email says.

The email threatens that the price will rise if companies don’t cough up soon. However, it seems no one was actually attacked by the ‘group’.

It’s an intriguing case because CloudFlare noticed the scammers were reusing the same Bitcoin address for each victim, which would make it impossible for them to know which companies had paid and which hadn’t. As a result, CloudFlare did some digging but failed to find evidence of a single DDoS attack being launched.

“In fact, because the extortion emails reuse Bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not,” said Matthew Prince, CEO of CloudFlare. “In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.”

“While the actual members of the original Armada Collective appear locked up in a European jail, with little more than some Bitcoin addresses and an email account, some enterprising individuals are drafting off the group’s original name, sowing fear, and collecting hundreds of thousands of extorted dollars.”

Prince warned there are some groups still out there which can and do carry out attacks if a ransom isn’t paid, but the “Armada Collective” isn’t one of them. So if you do happen to receive any threatening emails from them, you can probably save yourself a few dollars by ignoring it.

Photo Credit: Koen Cobbaert via Compfight cc