As mentioned below, the Akamai SIRT has been tracking attacks from the so-called Armada Collective and Fancy Bear actors, who are sending ransom letters to various industry verticals such as finance, travel, and e-commerce.  \n In addition to the information in our previous advisory, we can confirm that we're now seeing attacks peak at almost 200 Gb/sec, utilizing ARMS, DNS Flood, GRE Protocol Flood, SNMP Flood, SYN Flood, and WSDiscovery Flood attacks as their main vectors. We've not seen a specific region being targeted as a result of these extortion attacks. There are institutions that reside in the UK, US, and APAC region who have received ransom letters.   \n At this time, we are not aware of any instances where the threatened follow-up attack was initiated once the ransom demand deadline passed. Consequently, the lesson here is that regardless of whether or not the targeted organization pays the ransom demand or not, the outcome remains the same.…