The concept of bitcoin ransom —a criminal trend described as the “modern day version of a mob shakedown" — is hardly new, but an elusive cybercriminal group is on an extortion spree and raking in bitcoin payments along the way.
The bitcoin extortionist group DD4BC, which stands for DDoS for Bitcoin, uses the threat of distributed denial of service attacks (DDoS) to blackmail financial institutions into paying big bitcoin ransoms and as Bloomberg reported yesterday (Sept. 9), the group is now ramping up its activity.
Over the last few months, DD4BC has joined the growing trend of hackers using DDoS attacks to shake down big banks, threatening to render a financial institution’s website useless by jamming the site with traffic if they don’t pay up in bitcoin.
According to the latest research published by Akamai, the group has launched nearly 150 attacks, with 58 percent of those directed at financial service companies such as banks, brokerages and automated clearing houses located throughout Europe, Australia and the U.S.
DD4BC has not only increased the number of its attacks in recent months, but it has also employed new strategies and tactics with the intention to “harass, extort and ultimately embarrass the victim publically," Stuart Scholly, Senior Vice President & General Manager, Security Division at Akamai, explained in a press release.
After identifying a target, DD4BC launches a quick attack on the financial organization to show what it is capable of and then sends an email outlining its demands. The message usually includes links to recent press coverage of their other attacks and a demand for anywhere from 25 bitcoin ($6,150) to 100 bitcoin ($25,000).
“If the organization doesn’t pay – and they shouldn’t - they'll be hit with another DDoS attack with a larger volume and the price will go up. If they [DD4BC] perceive that the organization is taking defensive measures, the extortion payment will increase further,” Roland Dobbins, Arbor Networks’ security engineering and response team member, explained to Bloomberg.
The group has been able to elude international police forces since it started its attacks in mid 2014 and has built a reputation for following through on their threats if its bitcoin demands are not met.
“They’ve been industrializing their operation – doing it at a scale and level that has not been seen before,” James Chappell, co-founder of security firm Digital Shadows, told Bloomberg.
In a survey of 510 companies conducted by analytics firm Neustar earlier this year, nearly one-third said they lose more than $100,000 in revenue per hour while DDoS attacks are going on.
Nearly 91 percent of respondents said DDoS attacks haven’t decreased as a threat in the past year, 85 percent reported multiple attacks and 31 percent said their longest attacks lasted more than one day.