DDoS extortion is certainly not a new scam in the hacker community, but there are many new developments in it. Notable among them is the use of Bitcoin as the method of payment. DD4BC (DDoS for Bitcoin) is a hacker (or group of hackers) found extorting victims of DDoS attacks and demanding payment in Bitcoin. DD4BC seems to focus on the gaming and payment processing industries that use Bitcoin.
In November 2014, reports emerged of the group sending a note to the Bitalo Bitcoin exchange requesting 1 Bitcoin in return for helping the site improve its protection against DDoS attacks. At the same time, DD4BC carried out a small attack to demonstrate the exchange's vulnerability to this kind of disruption. Bitalo ultimately refused to pay the ransom. Instead, the site publicly accused the group of blackmail and extortion and offered a bounty of more than USD $25,000 for information about the identities of those behind DD4BC.
These extortion schemes share many common characteristics. In the course of them, the hacker:
Launches an initial DDoS attack (lasting from a few minutes to a few hours) to prove that the hacker is able to take down the victim's website.
Requests payment via Bitcoin while suggesting that they are actually helping the site by pointing out its vulnerability to DDoS.
Threatens more severe attacks in the future.
Threatens a higher ransom as the attacks progress (pay now or pay more later).
Unprotected sites can be knocked offline by these attacks. A recent study by Arbor Networks concluded that the majority of actual DD4BC attacks are UDP amplification attacks, which abuse UDP-based protocols such as NTP and SSDP. On the spectrum of cyber-attacks, UDP flooding through a botnet is a relatively simple, straightforward attack that merely fills a network with unwanted UDP traffic. These attacks are not technically complicated and are made easier by rented botnets, booters, and scripts.
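As an added illustration of the detection side (this code is not from the article or from Arbor Networks), the following Python flags hosts that receive high-volume, large-packet UDP traffic from many distinct NTP/SSDP source ports, the signature of the amplification floods described above. The flow records and the thresholds are constructed for the example.

```python
from collections import defaultdict

# Reflection services abused in amplification floods, keyed by the source
# port seen at the victim (standard IANA port numbers).
AMPLIFIER_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed sample flow records (not real traffic):
# src_ip, src_port, dst_ip, dst_port, packets, bytes
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", 40001, 900, 396000),
    ("198.51.100.11", 123, "203.0.113.5", 40001, 850, 374000),
    ("198.51.100.12", 1900, "203.0.113.5", 40001, 700, 231000),
    ("198.51.100.13", 1900, "203.0.113.5", 40001, 720, 237600),
    ("192.0.2.7", 123, "203.0.113.5", 123, 4, 304),          # ordinary NTP sync reply
    ("192.0.2.9", 443, "203.0.113.8", 51000, 200, 280000),   # unrelated HTTPS traffic
]


def detect_amplification(flows, min_reflectors=3, min_avg_bytes=300, min_total_bytes=500_000):
    """Return {victim_ip: summary} for hosts receiving large-packet UDP flows
    from many distinct amplifier-port sources. Thresholds are assumptions
    chosen for this example, not values from the article."""
    per_victim = defaultdict(lambda: {"reflectors": set(), "services": set(), "bytes": 0})
    for src_ip, src_port, dst_ip, dst_port, packets, nbytes in flows:
        service = AMPLIFIER_PORTS.get(src_port)
        if service is None or packets == 0:
            continue
        # Replies to a host's own NTP/SSDP queries are small; amplified
        # responses are large, which is the whole point of the technique.
        if nbytes / packets < min_avg_bytes:
            continue
        entry = per_victim[dst_ip]
        entry["reflectors"].add(src_ip)
        entry["services"].add(service)
        entry["bytes"] += nbytes

    alerts = {}
    for victim, e in per_victim.items():
        if len(e["reflectors"]) >= min_reflectors and e["bytes"] >= min_total_bytes:
            alerts[victim] = {
                "reflectors": len(e["reflectors"]),
                "services": sorted(e["services"]),
                "bytes": e["bytes"],
            }
    return alerts
```

In production the same logic would run over NetFlow/sFlow export in a sliding time window, with thresholds tuned to the network's normal NTP/SSDP volume.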
The typical pattern for the DD4BC gang is to launch DDoS attacks that target layers 3 and 4, but if those do not have the desired effect, they can and will move to layer 7 with different types of attacks, such as floods of HTTP POST/GET requests. The initial attack is usually in the range of 10-20 Gbps. That is large, but often not even close to the real threat the group can pose.
If a company does not respond to their demands, and does not mitigate the attack through anti-DDoS services, the group will usually resume with a sustained attack after 24 hours. But you should not rely on this pattern when planning your cyber security defenses.