Companies in the financial sector are preferred targets

Jun 8, 2015 15:14 GMT

A cybercriminal group specialized in distributed denial-of-service (DDoS) attacks started to send blackmail messages to companies in Northern Europe threatening to disrupt activity unless 40 bitcoins (currently about $9,100 / €8,100) are paid to a given address.

The group, called DD4BC, is well known for DDoS incidents affecting companies from multiple countries like New Zealand, Switzerland, Australia and the UK, prompting alerts from their Computer Emergency Response Teams.

Extortionists provide sample of their DDoS power first

It looks like the outfit is now targeting big business in Scandinavia, as researchers from Heimdal Security, based in Copenhagen, have received recent reports of blackmail messages demanding a fee to avoid a large, sustained UDP flood attack of 400 to 500 Gbps.

There is no evidence that DD4BC has such capability, but Incapsula, a company offering DDoS protection, says that it observed a medium-sized network-layer attack from the group that reached 40 Gbps, which is enough to bring down online services that do not benefit from protection.

In a blog post on Monday, Heimdal Security says that before the ransom message is delivered to the victim, DD4BC launches “a massive and violent DDoS attack” for about one hour. This is enough to disrupt the business and cause significant loss, the company says.

“The typical pattern for the DD4BC gang is to launch DDoS attacks targeting Layer 3-4, but if this does not have the desired effect, they will/can move it to layer 7 with various types of loop back attacks with post/get requests. The initial attack typically lies on a scale between 10-20GBps,” the company adds.

Ransom increases with each hour of attack

In the message to the victim, the group says that if the initial monetary demand is not met, the fee rises to 100 bitcoins (currently $22,800 / €20,400) and it would continue to increase with each hour of assault.

“If you think about reporting us to authorities, feel free to try. But it will not help. We are not amateurs. The best thing that can happen, they will go publicly about it. We will, again, get some free publicity. But for you, price will go up,” DD4BC writes in the email to victims.

According to Heimdal Security and confirmed in multiple alerts about the group’s activity, the targets are generally servers belonging to financial institutions or card payment gateways. As the ransom letter also indicates (provided with redactions by Heimdal), several bitcoin exchange services have also been targeted.

Although the attackers promise not to hit the same target twice, in an attempt to make the victim pay, the recommendation is not to give in, but to invest in anti-DDoS technology or rely on dedicated mitigation services.

Email From DD4BC To Victims