October 13, 2015
The distributed denial of service attack group DD4BC is going after one financial institution after another. Is it wise to pay the ransom?
The cybercrime ring DD4BC (Distributed Denial of Service for Bitcoin) is demanding money from finance firms, saying that they will barrage their sites with a DDoS attack – sparing them only if they hand over a large volume of bitcoin.
Many organizations are unsure whether or not they should comply with the attackers’ demands. Two organizations that were targeted months ago were bitcoin businesses Bitmain and Bitalo. DD4BC sent the companies demands for 10 and 100 bitcoin, respectively.
Rather than submitting to the attackers, the two organizations offered the same amount of bitcoin as a bounty to anyone who could provide the full and accurate identity of the hackers. Certainly they made the right decision by refusing to send the ransom, according to cryptocurrency news source Coin Fire. “[C]ompanies and sites that bow down to the pressure of DD4BC and similar groups simply embolden the attackers to continue extorting other sites in the industry,” reported the site, which actually has refused to pay demands from DDoS extortionists itself.
The real problem is that DD4BC hasn’t been caught. They started going after companies in September 2014, and international law enforcement has not yet been able to successfully track them.
The cyberterrorists started with about five attacks each month on bitcoin mining operations, exchanges, and gambling sites. During this summer though, the group started increasing its attack frequency and setting its sights on banks, brokerages, and financial clearinghouses in the United States, Europe, and Australia.
From September 2014 through July 2015 (that’s just 11 months), DD4BC went after these various types of firms 141 different times. Three out of every five attacks (58%) targeted finance organizations.
The group peaked with 41 attacks in June but still had its second most active month in July with 31 extortion attempts, explains Olivia Solon of BloombergBusiness. “The U.K. National Computer Emergency Response Team (CERT UK), which runs a national cyber-threat data-sharing initiative, confirms a ‘marked increase’ in reports of DDoS attacks by DD4BC against its partners,” she adds, “which include Lloyd’s Bank and BAE Systems, though there is no suggestion they have been hit.”
We often talk of security in terms of protection from sophisticated intrusion efforts, but distributed denial of service is more a matter of blunt force – essentially attempting to get the organization to submit by whacking it in the head. A geographically distributed computer network is used to hit a website with a massive amount of requests. The idea is to make the company’s server go down so that the site is immediately nonoperational.
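The blunt-force pattern described above, many sources hammering one site at once, is also what makes volumetric DDoS easy to spot from the defender's side. The following is an added example, not code from the original post or from Nexusguard: a small Python script that slides a window over web-server access-log lines and flags windows where the request rate jumps far above the site's median rate and the traffic comes from many distinct client addresses (a single noisy IP is a different problem, handled by ordinary rate limiting). The log lines, addresses and timestamps are constructed for the example; thresholds such as `rate_factor=10` and `min_sources=20` are illustrative assumptions, not figures from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Apache/Nginx common-log-format line; we only need the client IP and timestamp.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (timestamp, client_ip) for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), TS_FMT), m.group("ip")


def per_second(lines):
    """Bucket requests by second: {second: [request_count, set_of_client_ips]}."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip a malformed line rather than abort the whole analysis
        ts, ip = parsed
        bucket = buckets[ts.replace(microsecond=0)]
        bucket[0] += 1
        bucket[1].add(ip)
    return dict(buckets)  # plain dict so later lookups never create empty buckets


def detect_bursts(lines, window=5, rate_factor=10, min_sources=20):
    """Slide a `window`-second window over the log and flag windows whose request
    rate is at least rate_factor x the median per-second rate AND which carry at
    least min_sources distinct client IPs. Returns [(window_start, rate, distinct_ips)]."""
    buckets = per_second(lines)
    if not buckets:
        return []
    start, end = min(buckets), max(buckets)
    span = int((end - start).total_seconds()) + 1
    seconds = [start + timedelta(seconds=i) for i in range(span)]
    counts = [buckets[s][0] if s in buckets else 0 for s in seconds]
    # Median (zeros included) as baseline, so a short burst cannot drag it up.
    baseline = max(median(counts), 1.0)  # floor at 1 req/s to avoid an idle-site divide-by-zero
    flagged = []
    for i in range(span - window + 1):
        win = seconds[i:i + window]
        total = sum(buckets[s][0] for s in win if s in buckets)
        ips = set().union(*(buckets[s][1] for s in win if s in buckets))
        rate = total / window
        if rate >= rate_factor * baseline and len(ips) >= min_sources:
            flagged.append((win[0], rate, len(ips)))
    return flagged


def build_sample_log(n_sources=40):
    """Constructed sample log (not real traffic): 20 s of quiet traffic at 1 req/s
    from five addresses, a 5 s burst of 40 req/s spread over n_sources addresses,
    then 5 s quiet again. Addresses come from the RFC 5737 documentation ranges."""
    base = datetime(2015, 10, 13, 10, 0, 0, tzinfo=timezone.utc)

    def line(ts, ip, path):
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = [line(base + timedelta(seconds=s), f"203.0.113.{s % 5 + 1}", "/") for s in range(20)]
    for s in range(20, 25):
        lines += [line(base + timedelta(seconds=s), f"198.51.100.{k % n_sources + 1}", "/login")
                  for k in range(40)]
    lines += [line(base + timedelta(seconds=s), f"203.0.113.{s % 5 + 1}", "/") for s in range(25, 30)]
    return lines


if __name__ == "__main__":
    for start, rate, sources in detect_bursts(build_sample_log()):
        print(f"{start:%H:%M:%S}: {rate:.1f} req/s from {sources} distinct IPs")
```

Run against the constructed sample, the script flags the seven five-second windows that overlap the burst and stays silent when the same 40 req/s comes from one address, which is the distinction a defender wants before engaging upstream scrubbing rather than a local block rule. Against a real server the lines would be read from the access log and the thresholds tuned to that site's normal traffic.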
That quickly gets expensive, with one analysis suggesting that the total financial toll can be as much as $27.78 per second, equivalent to $200,000 if the site is taken offline for two hours.
That is a big initial cost, but the scariest thing about these attacks to the financial firms is the threat to their credibility, argues European cybersecurity specialist Adam Philpott. “It represents vulnerability,” he says. “If I can’t access the service of an organization that’s handling a significant amount of my money, how can I trust it?”
Extorting companies via DDoS is an old concept, but this attack group is incredibly active.
The specific targets are not the largest corporations. In this way, the group is victimizing firms that don’t have the top level of tools and expertise to thwart their efforts.
The initial attack has two phases: a sample DDoS and a demand note. The sample attack is relatively small in scale and is intended to demonstrate that the group's threats are not baseless. The demand note offers press reports on DD4BC, along with the number of bitcoin required to stop them – typically 25-100 ($5800-$23,000) to be delivered within 24 hours.
As organizations try to determine whether they will pay the ransom, they should be aware that the capabilities of these hackers are strong in some ways and weak in others. They are good at identifying weaknesses in infrastructure. At the same time, they are using prepackaged DDoS tools of the kind any company can use for stress testing. They aren’t building their own attack tools.
It’s not a good idea to pay these ransoms, although some organizations have, including online casino Nitrogen Sports and one bank, says Solon. “Nitrogen Sports [says they] paid up to buy time and put additional protections in place,” she notes.
Have you received a demand from DD4BC? Or are you worried you might be next on their list? Get the protection you need now, from Nexusguard – the global leader in DDoS defense, protecting our customers from malicious Internet threats to their sites, services, and reputations. Learn more.