APT group “Fancy Lazarus” has been ramping up its ransom DDoS efforts in several new campaigns against US entities. The group is known for masquerading as various APT groups to distract security researchers. Researchers state the APT group is launching a new series of attacks using a combination of the names for Russian APT Fancy Bear and North Korea’s Lazarus group. Proofpoint states that the gang has been delivering threatening, targeted emails to various organizations, including those in the energy, financial, insurance, manufacturing, public utilities, and retails sectors.

The gang is allegedly asking for a two-Bitcoin starting ransom to protect the entity against a DDoS attack. Fancy Lazarus states that if the ransom is not paid, the group will launch a destructive DDoS attack against the organizations. After the provided deadline, the price of protection doubles to four Bitcoin and continues to increase by one every day after that. According to Proofpoint, it seems as though most of the targets are located within the US. A researcher at Proofpoint stated that the attacks could be an attempt to gain popularity, resulting in a higher likelihood of payment. The campaigns follow a recent trend observed by researchers that focuses on threats to financial institutions and large insurance providers.