Ransom and Blackmail DDoS— who’s really behind this?

Ransom and extortion is no longer reserved for sensational news and bad movies; cyber hackers are diving headfirst into this growing area of criminality. Hackers know you care dearly for your website, and they expect your protective instinct will translate into a quick payday.

Unwelcome News

Your website just went offline for 20 minutes. Few minutes later you see a strange message in your inbox that reads: “I have a DDoS army ready to attack. Pay $300 in 24 hours or I will crash your website again. Good day!” You hoped this day wouldn’t come. When you are operating a successful website, this is the last message you want to receive.

Unfortunately this type of message is more common than ever. Companies are being held against their will with ransom DDoS in this pattern. Hackers send a ‘warning shot’; just a couple Gbs of traffic to show you they mean business. Then the ransom note demanding your compliance or they will hit you even harder.

So how do you get out of this jam unscathed? Let’s examine recent ransom activity to see how you should respond to hacker threats.

DDoS is as easy as Pie

From the beginning of 2014 the cyber security industry has recorded some disconcerting trends regarding Distributed Denial of Service (DDoS) “ransom attacks”. To put this trend into numbers, according to security provider Incapsula, reports of DDoS ransom threats have increased from “one or two a week” to “once or twice every other day.”

But, to what do we owe this unwelcome surge in ransom DDoS threats occurrence?

Well, for one, this new trend is a result of technological improvements that made it easier (and cheaper) than ever to command DDoS botnets.

After all our infrastructures are constantly improving. Better networks also mean higher power attacks. These are dangerous tools for those who would misuse their potential.

Moreover, increased global Internet access also facilitates the evolution of botnet malware, as more and more underdeveloped and un-secured networks are added to the general pool.

Of course there are many reasons for this uptick. Yet, whatever those reasons are, the bottom line remains the same: today, DDoS attacks cost next to nothing to execute. And, with new and widely available “botnets for hire” services, they could be initiated by everyone, not only for ransom but also out of spite or sheer boredom.

Ransom DDoS – Modus Operandi

It’s interesting to note some of the common themes that appeared time and time again, in the latest ransom DDoS attacks.

Shifting the Attention

Oddly enough, many low-level hackers will tailor their message to their target as a thinly veiled threat from a rival company.

The point of this tactic could be to create a red herring in the target company’s ensuing investigation of the threat, but the more likely motivation is to instill a feeling of paranoia in the target.

Also, companies tend to make rash decisions (like pay an uncreative hacker) when they feel their enemies are bearing down on them.

Small Price to Pay

DDoS has become so easy, one can execute a DDoS attack for 20-30 USD at a time. This ease-of-use also drives down the average ransom price to a 300-700 USD. This is obviously just “pocket change” for many websites, and some would be inclined to pay up, but before they do they need to look at the bigger picture.

One issue with paying the initial ransom is the possibility of a second threat. After all, if the hacker knows that you’ll pay up, what is stopping them from coming at you again, with harsher demands?

Also, word of a vulnerable site that is susceptible to ransom DDoS demands gets around. Even if the first hacker honors his/hers word, what’s to stop someone else from trying to shake you down with another DDoS threat down the road?

Stingy Copywriting

Creative writing is not one of hacker’s strong suits. If you can believe it, the ransom email sent to Meetup was the exact same sent to a big Israeli website, and several others as well.

Hackers hiding behind the same block of text are likely trying throw off the scent in a counter investigation.

Who’s really behind these Ransom DDoS Attacks?

Considering the size of these attacks and the sloppy methods of execution – not to mention the pocket change ransom asks – these threats look like a work of so called “script kiddies” – amateurish hackers that use someone else’s tools to turn a quick profit.

spybotThis doesn’t mean that these “attention hackers” aren’t dangerous. Still, when you do get that ransom email, it helps to know what you are up against. After all, knowing is half of the battle.