The Armada Collective DDoS Threats - don’t bother

The Armada Collective DDoS Threats - don’t bother

We got another of those mindless letters explaining we will get DDoSed if we don’t pay some BTC to a group calling themselves “The Armada Collective”. Here is it:


We are Armada Collective.

In past, we launched one of the largest attacks in Switzerland’s history. Use Google.

Cryptum will be DDoS-ed if you don’t pay 2 Bitcoins @ 18Z6SNHDiazvBFUQQU5gwXJuS1SrdFbpyC within 24 hours!


Our attacks are extremely powerful, we can attack over CloudFlare/Incapsula and other services, so no protection will help.

Right now we will start 15 minutes attack on your site. It will not be hard, we will not crash it at the moment to try to minimize eventual damage, which we want to avoid at this moment. It’s just to prove that this is not a hoax. Check your logs!

If you don’t pay by in 24 hours, attack will start, price to stop will increase to 5 BTC and will go up 2 BTC for every day of a ttack.

If you report this to media and try to get some free publicity by using our name, instead of paying, attack will start permanently and will last for a long time.

This is not a joke.

Prevent it all with just 2 BTC @ 18Z6SNHDiazvBFUQQU5gwXJuS1SrdFbpyC

Among the pile of threats, they gave us the sound advise to use Google. So we used it, and how it backfired on those fledgling scammers credibility. There is a nice article in Cloudflare’s Blog (the same service they explained they can ignore) explaining those empty threats are simply a scam. The Original Armada Collective went silent in 2015 after arrests from Interpol, and while they actually carried out their threats and attacked some website, we highly doubt they would do it with just about any website, especially a midrange ICO. Why?

DDoS attacks are a bit of a one-shot pony and you cannot sustain them for long, so wasting them just to prove a point won’t happen often, and is even less likely to happen if you are some website that doesn’t make quite a lot of cash, otherwise you wouldn’t even care that much.

And, even if they carried out such attack and our service provider failed to protect the server, calling their 24/7 support for a fix would take just a few minutes. They can literally disconnect the server and just move it to a new IP or raise their DDoS protection if it failed and by some miracle they didn’t notice. Apart from that, there are plenty of on-site tools that can help you with simpler attacks that happen on nearly a daily basis, like banning options with limits on requests, fake crawler blocking, and throttling huge number of requests (or simply blocking them for few minutes) essentially limiting the number of pages visitors are able to request per minute.

Say a normal person can view few pages a minute, considering he’s up for some information. 10 pages? May be, often the number of pages per minute is less than 3 or 4 (although it depends on the content, of course), so if you limit the page requests to 15 per minute before they are throttled, and block the user if he exceeds 30 to 60, the chance to disrupt a real user experience is very low. Unless he’s up to something you don’t usually want.

So, unless you are running a multimillion ICO - in which case we assume you took all necessary steps to protect your website, although the ICO history says otherwise, you can pretty much ignore such emails.

Stay safe!

Cryptum ICO

Leave a Reply

Subscribe to news by Cryptum?

We will add you to our mailing lists and notify you when there are important news.

Thank you for subscribing! If you want to get the news first, don't forget to follow us in Twitter!