Cursed Patriarch

Cursed Patriarch is known from a distributed denial‑of‑service extortion campaign that occurred on 21 October 2021. The campaign targeted several privacy‑focused email providers, including Runbox, Posteo, Fastmail, TheXYZ, Guerilla Mail, Mailfence, Kolab Now and RiseUp. In the ransom notes the threat actor identified itself as “Cursed Patriarch”. The attacks were described as coordinated and were separate from unrelated DDoS incidents affecting a UK VoIP provider and a gaming server company. No further information about the entity’s regular business activities is available from the cited source.

According to the reporting, the DDoS traffic reached peak volumes of approximately 50 Gbps and, in separate spikes, up to 256 Gbps. The extortion demand was set at 0.06 bitcoin, with a warning that non‑payment within three days would result in prolonged network outages. Multiple targeted providers publicly confirmed they had received the threats but chose not to pay the ransom. The campaign illustrates a broader trend of DDoS extortion leveraging emerging botnets such as Meris. The described peak bandwidth figures are taken directly from the source article and represent the highest observed levels during the attack.

The source material does not disclose any details about Cursed Patriarch’s core products, services, market scope, or typical clientele. Likewise, no information is provided regarding the organization's size, employee count, geographic reach, ownership structure, or parent/subsidiary relationships. Because the public record is limited to this single incident, any description of distinguishing attributes or sector positioning would be speculative. Consequently, the profile presented here is restricted to the verified facts of the October 2021 DDoS extortion operation. Additional sources would be required to elaborate on the entity’s broader activities or organizational characteristics.