Bitcoin Ransom


DDoS extortion is certainly nothing new in the criminal hacking community, but several new developments have appeared, most notably the use of Bitcoin as the means of payment. DD4BC (DDoS for Bitcoin) is a hacker, or hacking group, that extorts its victims with DDoS attacks and demands payment in Bitcoin. DD4BC appears to focus on the gaming and payment-processing industries that use Bitcoin.

In November 2014, the group reportedly sent a note to the Bitalo Bitcoin exchange demanding 1 Bitcoin in return for "helping" the site strengthen its protection against DDoS attacks. At the same time, DD4BC carried out a small-scale attack to demonstrate the exchange's vulnerability to this form of disruption. Bitalo ultimately refused to pay the ransom. Instead, the site publicly denounced the group's blackmail and extortion and offered a bounty of over $25,000 for information on the identity of the people behind DD4BC.

The schemes share several common characteristics. During these acts of extortion, the attacker:

Launches an initial DDoS attack (lasting minutes to hours) to prove that they are capable of disrupting the victim's website.

Demands payment in Bitcoin while suggesting that they are actually helping the site by exposing its vulnerability to DDoS.

Threatens more virulent attacks in the future.

Threatens a larger ransom as the attacks progress (pay now or pay later).

Unprotected sites can be taken down by these attacks. A recent study by Arbor Networks concluded that the large majority of DD4BC's actual attacks were UDP amplification attacks exploiting vulnerable UDP services such as NTP and SSDP. In the spectrum of cyberattacks, UDP flooding via a botnet is a relatively simple and straightforward attack that just overwhelms a network with unwanted UDP traffic. These attacks are not technically complex and are facilitated by botnets, booters and rented scripts.
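As an added example (not code from the original article), the following Python flags the UDP reflection pattern described above in simplified flow records: high volume arriving from the NTP or SSDP service port, made of responses far larger than a legitimate reply. The flow tuple layout, the sample data and the thresholds are constructed assumptions.

```python
"""Flag UDP amplification (NTP/SSDP reflection) in flow records.
Added example, not from the article; the flow tuple layout, sample data and
thresholds are constructed assumptions, tune them to your own network."""
from collections import defaultdict

# Reflector source ports for the two protocols the article names.
AMPLIFIER_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed sample window: two ordinary replies, then a reflection flood at 203.0.113.10:80.
SAMPLE_FLOWS = [  # (src_ip, src_port, dst_ip, dst_port, packets, bytes)
    ("198.51.100.7", 123, "203.0.113.10", 52001, 2, 180),       # normal NTP reply
    ("198.51.100.8", 1900, "203.0.113.10", 52002, 1, 400),      # normal SSDP reply
    ("192.0.2.1", 123, "203.0.113.10", 80, 40000, 19_200_000),  # NTP reflection
    ("192.0.2.2", 123, "203.0.113.10", 80, 38000, 18_240_000),  # NTP reflection
    ("192.0.2.3", 1900, "203.0.113.10", 80, 25000, 8_000_000),  # SSDP reflection
    ("192.0.2.4", 443, "203.0.113.10", 40000, 500, 75_000),     # unrelated traffic
]


def aggregate_by_victim_and_port(flows):
    """Sum packets/bytes per (dst_ip, src_port) and count distinct reflectors."""
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for src_ip, src_port, dst_ip, _dst_port, packets, nbytes in flows:
        if src_port not in AMPLIFIER_PORTS:
            continue  # only traffic claiming to come from a reflector service
        entry = totals[(dst_ip, src_port)]
        entry["packets"] += packets
        entry["bytes"] += nbytes
        entry["sources"].add(src_ip)
    return totals


def detect_amplification(flows, min_bytes=1_000_000, min_avg_packet=300):
    """One alert per (victim, protocol) whose inbound reflector traffic is both
    high-volume and made of oversized responses (an ordinary NTP reply is ~90 B)."""
    alerts = []
    for (dst_ip, src_port), entry in aggregate_by_victim_and_port(flows).items():
        avg = entry["bytes"] / entry["packets"]
        if entry["bytes"] >= min_bytes and avg >= min_avg_packet:
            alerts.append({
                "victim": dst_ip,
                "protocol": AMPLIFIER_PORTS[src_port],
                "bytes": entry["bytes"],
                "avg_packet_bytes": round(avg),
                "sources": len(entry["sources"]),
                # Rate-limit rather than block, so the victim's own NTP/SSDP keeps working.
                "action": f"rate-limit inbound UDP from src port {src_port} to {dst_ip}",
            })
    return sorted(alerts, key=lambda a: a["bytes"], reverse=True)
```

Running `detect_amplification(SAMPLE_FLOWS)` yields two alerts, NTP first, while the two ordinary replies alone produce none.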

The typical DD4BC model is to launch DDoS attacks targeting layers 3 and 4; if that does not have the desired effect, the group moves to layer 7 with various kinds of looping attacks using POST/GET requests. The initial attack is usually between 10 and 20 GB/s. That is fairly massive, but often not even close to the real threat.

If a company does not respond to its demands and does not mitigate the attack through one of the various anti-DDoS services, the group usually gives up after 24 hours of sustained attack. But you must not rely on this pattern to manage your cybersecurity tactics.
