Massive Meris Botnet Embeds Ransomware Notes from REvil

Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.

“Hey webop_geeks, you_are_already_dead,” a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand.

Imperva reported the interesting twist on Friday – one of several it’s seen in the evolution of distributed denial-of-service (DDoS) attacks so far this year.

In a post that detailed mitigation of a recent attack that hit up to 2.5 Mrps (millions of requests per second) on a single website, Imperva’s Nelli Klepfish shared several chest-thumping ransom notes – a screen capture of one is included below – that its targeted customer received before the attack started.

A ransom note embedded into the attack’s URL extortion demand. Source: Imperva.
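For incident triage, text embedded this way can be pulled out of request logs and summarised so the wording, request volume and source spread are preserved as evidence. The sketch below is an added example, not code from Imperva or the article; it assumes combined-format access logs and treats three or more underscore-joined words (the style of the note quoted above) as a candidate message, and its sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample lines (combined log format, documentation-range IPs).
# The note text reuses the phrase quoted in the article.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?hey_webop_geeks_you_are_already_dead HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /?hey_webop_geeks_you_are_already_dead HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /search?q=you%5Fare%5Falready%5Fdead HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2024:10:00:02 +0000] "GET /static/app_bundle.js HTTP/1.1" 200 9041
"""

# client IP, timestamp (one-second resolution), request target
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')


def find_embedded_notes(log_text, min_words=3):
    """Summarise underscore-joined phrases found in request URLs.

    Assumption: a run of min_words or more alphabetic words joined by "_"
    is a candidate message; shorter runs (app_bundle) are ignored.
    """
    phrase = re.compile(r"[A-Za-z]+(?:_[A-Za-z]+){%d,}" % (min_words - 1))
    stats = defaultdict(lambda: {"requests": 0, "sources": set(), "per_sec": Counter()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, target = m.groups()
        # Decode percent-escapes first so %5F-encoded underscores still match.
        for note in set(phrase.findall(unquote(target).lower())):
            s = stats[note]
            s["requests"] += 1
            s["sources"].add(ip)
            s["per_sec"][ts] += 1
    return {
        note: {
            "requests": s["requests"],
            "sources": len(s["sources"]),
            "peak_rps": max(s["per_sec"].values()),
        }
        for note, s in stats.items()
    }


if __name__ == "__main__":
    for note, summary in find_embedded_notes(SAMPLE_LOG).items():
        print(note, summary)
```

Legitimate paths with long underscore-separated names will also match, so treat the output as candidates to review and raise `min_words` if the site uses such names.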

“We are observing more cases like this where the ransom note has been included as part of the attack itself, perhaps as a reminder to the target to send their bitcoin payment,” Klepfish wrote. “Of course, once the

Read More: https://threatpost.com/massive-meris-botnet-embeds-ransomware-notes-revil/178769/