Denial of Service Attack Meets Ransomware

Cloudflare, the denial of service prevention vendor, reports hearing of gangs who threaten denial of service attacks unless the victim pays a ransom in bitcoins.  Although Cloudflare has heard from over 100 customers, none have been attacked, whether they paid or not.

Here is the scam.  You use the name of a known DDoS group – in this case, the Armada Collective – and threaten people with being attacked.  The attacker may – or may not – have any relation to that group.

You set the payment for avoiding the attack low – in this case, 10 bitcoins or about $4,000.

You threaten people that if they don’t pay they will be attacked, and that the fee to stop the attack will rise to 20 bitcoins and increase by 10 bitcoins a day.

You also tell people that you have a magic attack that bypasses anti-DDoS vendors like Cloudflare.

And then, you sit around and wait until some people pay up.

This is a whole lot simpler than actually having a way to launch a DDoS attack or having a way to bypass Cloudflare’s protections.

To date, according to a company that reviews the bitcoin blockchain, these attackers have received at least $100,000.  While that is not much, there may be other bitcoin accounts that the company has not examined, and the attackers’ only cost is sending out a few emails.

While there certainly is no way to know if the attacker can launch an attack, at least so far, they do not seem to have either the ability or desire to do so.

The folks at Cloudflare have talked to other anti-DDoS vendors and they also have customers who have received the emails.

It is certainly possible that these attackers COULD have the capability to launch an attack – we just do not know.

One reason to doubt it is that they seem to be reusing bitcoin accounts between different targets.  Given bitcoin is anonymous, if they did, in fact, plan to attack someone, they would not have an easy way to figure out who has paid and who has not paid.

At the moment, Cloudflare seems to think this is an empty threat, but things do change.  Now that the attackers have been outed on Cloudflare’s blog, they could decide to escalate.  Or they could decide to fold for a while, wait for people to forget and try it again.

No one knows.

Information for this post came from Cloudflare.
