Empty DDoS Threats: Meet the Armada Collective

In March 2016, a group of cybercriminals calling themselves the Armada Collective began sending extortion emails to various online businesses, threatening DDoS attacks if they were not paid in Bitcoin. Over 100 existing and prospective CloudFlare customers received these threats, but no actual DDoS attacks have been launched by this group. Despite their inability to determine who has paid the extortion fee and who has not, the Armada Collective has collected hundreds of thousands of dollars in payments. This is not the first time a group has used the name "Armada Collective," as an earlier iteration did carry out DDoS attacks before going silent in November 2015.