Attackers demand thousands of dollars in bitcoins

May 7, 2015 08:42 GMT

This week, a group of cybercriminals launched a blackmail campaign threatening companies in New Zealand with distributed denial-of-service (DDoS) attacks unless they make a substantial payment.

A DDoS attack aims at bringing down the online services of a target, making them unavailable for customers. It is called distributed because the digital bombardment is deployed from multiple machines.

DDoS services are not expensive and can be rented with little effort from cybercriminals who have a network of infected devices ready to direct traffic to a target.

Victims have 24 hours to make the payment

The blackmail note is emailed either to certain individuals in the company or to generic addresses, such as those for customer support.

The attackers’ message is short and concise, informing the victim that it has been targeted for a DDoS attack and demanding that 25 bitcoins ($5,700 / €5,000) be paid within 24 hours in order to avoid the assault. No reply to the email is required, just a deposit to a given bitcoin wallet.

The New Zealand Internet Task Force (NZITF) warns that the threats should not be ignored because the attackers do keep their word.

“The networks of at least four New Zealand organisations that NZITF knows of have been affected, so far. A number of Australian organisations have also been affected,” said Barry Brailey, NZITF Chair, in an advisory on Thursday.

According to NZITF, some of the emails received by the victims may include links to news articles about similar attacks suffered by other organizations.

Getting ready for the attack

Authorities recommend that potential victims not pay the fee, because this action could turn the company into a perpetual target of such attacks.

However, NZITF provides some advice for setting up defenses that could lower the impact of a DDoS attack or mitigate it completely.

At the top of the list is contacting the ISP (Internet Service Provider) and having it ready to perform traffic filtering. In some cases, this measure alone may be sufficient to stop the assault from reaching the company’s resources.

Another solution is to contract DDoS mitigation services or to rely on content delivery networks, which can segregate the bad traffic.

Advance preparation is key for dealing with such situations, and the 24 hours given by the attackers to come up with the money may be sufficient to get ready and block ports for services known to be used for DDoS, such as SSDP and NTP.