A new form of cyber crime is rearing its ugly head on the internet. It’s called DDoS extortion or DDoS ransom. Like the very popular ransom-ware attacks that demand money in order to regain control of compromised systems, DDoS ransom attackers demand money, usually in the form of untraceable Bitcoins, to halt or prevent a DDoS attack on a web site. For many businesses, web sites have become the main platform for sales, but a DDoS attack on a site could knock it out for quite some time, forcingย the owners to forgo any business that could have been done in the meantime. Below AT&T has provided an example of what a DDoS ransom letter looks like:
Please forward this email to someoneย in your company who is allowed toย make important decisions!
We haveย chosen your company as a target for ourย next DDoS attack.
All of your servers will be subjectย to a DDoS attack starting Friday.
Right now we are running a small 1ย hour demo attack toย prove that this is not a hoax.
What does this mean?ย This means that your website andย other connected services will beย unavailable for everyone; during theย downtime, you will not be able toย generate any sales. Please also noteย that this will severely damage yourย reputation among your users /ย customers as well as strongly hurtย your Google rankings (worst case =ย your website will get de-indexed).
How do I stop this?ย We are willing to refrain fromย attacking your servers for a smallย fee. The current fee is 15 Bitcoinsย (BTC). The fee will increase by 15ย Bitcoins for each day that has passedย without payment.
What if I donโt pay?ย If you decide not to pay, we willย start the attack at the indicatedย date and uphold it until you do,ย thereโs no counter measure to this,ย you will only end up wasting moreย money trying to find a solution. We willย completely destroy your reputationย among Google and your customers andย make sure your website will remainย offline until you pay.
Do not reply to this email โ donโt tryย to reason or negotiate โ we will notย read any replies. Once you have paidย we wonโt start the attack, and youย will never hear from us again!
Please note that Bitcoin is anonymous,ย and no one will find out that youย have complied.
In response to the DDoS ransom note above, AT&T writes “The story of this extortion attempt had a happy ending. By teaming up with AT&T services, the organization was prepared for just such an attack and able to completely block the effects of the attackerโs threats.” AT&T and many other companies provide services that can prevent or minimize the effects of such attacks.ย No business owner wants to spend their precious time dealing with such a nuisance. Read more here.