admin Posted on 5:20 pm

bitcoin rescue

DDoS extortion is certainly not a new trick in the hacker community, but there have been several new developments. Among them, the use of Bitcoin as a payment method stands out. DD4BC (DDoS for Bitcoin) is a hacker (or group of hackers) that extorts victims with DDoS attacks, demanding payment in Bitcoin. DD4BC appears to focus on the gaming and payment processing industries that use Bitcoin.

In November 2014, reports surfaced that the group had sent a note to the Bitalo Bitcoin exchange demanding 1 Bitcoin in exchange for helping the site improve its protection against DDoS attacks. At the same time, DD4BC ran a small-scale attack to demonstrate the exchange’s vulnerability to this kind of disruption. However, Bitalo ultimately refused to pay the ransom. Instead, the site publicly accused the group of blackmail and extortion and set up a reward of more than $25,000 for information on the identities of those behind DD4BC.

The schemes share several common characteristics. During these acts of extortion, the hacker:

Launches an initial DDoS attack (lasting from a few minutes to a few hours) to prove that they can take down the victim’s website.

Demands payment in Bitcoin while suggesting they are actually helping the site by pointing out its DDoS vulnerability.

Threatens more severe attacks in the future.

Threatens a larger ransom as the attacks progress (pay now or pay more later).

Unprotected sites can be taken down by these attacks. A recent study by Arbor Networks concluded that the vast majority of actual DD4BC attacks have been UDP amplification attacks, abusing exposed UDP services such as NTP and SSDP. In the spectrum of cyberattacks, botnet UDP flooding is a relatively unsophisticated, brute-force attack that overwhelms a network with unwanted UDP traffic. These attacks are not technically complex and are made easy by botnets, booter services, and rented scripts.
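As an added defender-side example, not from the original post: a small Python check over constructed NetFlow-style records that flags the reflected NTP and SSDP amplification traffic the Arbor study describes. Reflected amplification shows up as inbound UDP from the reflector’s service port, spread across many reflectors, with large average reply sizes; the sample addresses and thresholds are assumptions.

```python
from collections import defaultdict

# UDP source ports of the reflector services the page names as abused by DD4BC.
AMPLIFIER_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed flow records in NetFlow style, not captured from a real incident:
# (src_ip, src_port, dst_ip, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 123, "203.0.113.10", 43201, 400, 190_000),  # reflected NTP
    ("198.51.100.8", 123, "203.0.113.10", 43201, 380, 180_000),  # reflected NTP
    ("192.0.2.55", 1900, "203.0.113.10", 51000, 300, 100_000),   # reflected SSDP
    ("192.0.2.56", 1900, "203.0.113.10", 51000, 310, 105_000),   # reflected SSDP
    ("203.0.113.10", 43201, "198.51.100.7", 123, 5, 400),        # our own NTP query
    ("192.0.2.99", 53, "203.0.113.10", 40000, 10, 1_200),        # ordinary DNS reply
]

def detect_amplification(flows, min_bytes=100_000, min_reflectors=2, min_avg_packet=200):
    """Group inbound flows by (victim, service) for amplifier source ports and
    return alerts where total volume, reflector count and average reply size
    all look like reflected amplification rather than legitimate replies."""
    stats = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for src_ip, src_port, dst_ip, _dst_port, packets, nbytes in flows:
        service = AMPLIFIER_PORTS.get(src_port)
        if service is None:          # not a known amplifier service port
            continue
        entry = stats[(dst_ip, service)]
        entry["reflectors"].add(src_ip)
        entry["packets"] += packets
        entry["bytes"] += nbytes
    alerts = {}
    for (victim, service), entry in stats.items():
        avg_packet = entry["bytes"] / entry["packets"]
        if (entry["bytes"] >= min_bytes
                and len(entry["reflectors"]) >= min_reflectors
                and avg_packet >= min_avg_packet):
            alerts[(victim, service)] = {
                "reflectors": len(entry["reflectors"]),
                "bytes": entry["bytes"],
                "avg_packet_bytes": round(avg_packet),
            }
    return alerts

if __name__ == "__main__":
    for (victim, service), info in detect_amplification(SAMPLE_FLOWS).items():
        print(f"{victim}: {service} amplification from {info['reflectors']} reflectors, "
              f"{info['bytes']} bytes, avg {info['avg_packet_bytes']} B/packet")
```

The alert keys map directly onto the mitigation the post alludes to: rate-limiting or filtering inbound UDP from ports 123 and 1900 at the edge or via an upstream scrubbing service, without touching the site’s own outbound NTP and DNS queries.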

The typical pattern of the DD4BC gang is to launch DDoS attacks targeting layers 3 and 4, but if this doesn’t have the desired effect, they escalate to layer 7, with various types of loopback attacks that flood the application with send/receive requests. The initial attack is generally in the range of 10 to 20 GBps. This is substantial, but often falls well short of what the group actually threatens.

If a company does not comply with their demands, and does not mitigate the attack through one of the various anti-DDoS services, the group will typically move on after 24 hours of sustained attack. But you shouldn’t count on this pattern when planning your defenses.
