DDoS ransom notes: why paying up will get you nowhere

If a large man stopped you on a street corner and told you that if you hand him five dollars, he won’t punch you in the face, what would you do? First you would sarcastically think to yourself welcome to New York, because that’s where this would happen.

Following that, you could say no. You could try to run. You could try to defend yourself. But with a matter of moments to think about it, you’d probably just hand over the five dollars. It doesn’t feel good to give money to an unethical person to stop him from doing a terrible thing to you, but hey, face punch averted.

Three days later, there he is again. Same offer only now its ten dollars. He already knows you don’t want to be punched in the face and he also knows you don’t seem to have any other plan for dealing with his threats. Handing over that first five dollars set you up to keep being victimised.

> See also: The growing threat of DDoS attacks on DNS

A DDoS ransom note has a similar strategy behind it. The difference is that you don’t have mere seconds to make your decision. Forewarned is forearmed, so get your shield up.

DDoS attack motivations

A DDoS attack is a distributed denial of service attack, which is an attack that seeks to deny the services of a website, network, server or other internet service to its users by interfering with an internet-connected host. While victims of this kind of attack may throw their hands up in the air and ask why me, it isn’t necessarily a rhetorical question.

Many people assume DDoS attacks stem from business rivalries, or are an attempt to gain a competitive advantage. In some cases this is true, but it’s far from being the only reason for DDoS attacks. DDoS attacks may stem from ideological or political differences, and in some instances they can even be equated with a hate crime when certain groups are targeted.

The other main causes of DDoS attacks essentially come down to script kiddies being script kiddies. Whether it’s a turf war between online groups, websites being randomly targeted for DDoS experiments, a challenge to see what attackers are capable of, or hacktivist groups trying to gain attention (the Lizard Squad, anyone?), a lot of the reasons for DDoS attacks can be summed up to just being a jerk on the internet.

DDoS ransom notes no exception

Speaking of jerks on the internet. For about as long as DDoS attacks have been a thing, so too have DDoS attack extortion attempts. ‘We have a botnet army prepared to take down your site. You have 24 hours to pay us $1000.’ This sort of ransom note is typically followed by a warning shot low-level DDoS attack, just so you know the attackers are capable of what they’re threatening.

A year ago, even a few months ago, these DDoS ransom notes were largely attributed to low-level cyber criminals, or kids trying to make some easy cash. But the recent actions of DD4BC, a high-level hacking group responsible for some high-level extortions on bitcoin companies, have shown us that this isn’t true.

DD4BC have been threatening 400+ Gbps DDoS flood attacks. While their actual attacks have been shown to be much smaller scale application layer DDoS attacks, peaking at about 150 requests per second accompanied by network layer attacks maxing out at 40 Gbps, these attacks would still be enough to take down most small to medium-sized websites.

DD4BC have been attempting to extort bitcoin and gaming companies since November of 2014. Lately they seem to have begun targeting the payment industry as well.

How to respond when you receive a DDoS ransom note

Thank your mom for all that just ignore it advice she gave you growing up, because one of the best responses here is definitely no response. If you pay the ransom, not only are you out that money, but you’ve also identified your website as one that has no professional DDoS protection.

That will put you on the exploitable victim list with a big exclamation mark after your name.

> See also: How organisations can eliminate the DDoS attack blind spot

Some companies have decided that they’re not content with merely ignoring the ransom demands. One of DD4BC’s first publicised extortion attempts was against the Bitalo Bitcoin exchange, who not only refused to capitulate, but slapped a big ol’ bounty on DD4BC’s head.

That bounty was added to by another bitcoin company, Bitmain, in March. Another high-profile website, meetup.com, also went public with their fight against a blackmail-related DDoS attack in March 2014.

Ignoring these DDoS ransom notes or actively fighting back against would-be extortionists is unequivocally what your organisation should do in the event that you receive one. However, to do either of these things absolutely requires that you have professional DDoS protection. You don’t poke the bear unless you know it can’t get out of its cage. If that means onboarding protection as soon as you get a note, then so be it.

A better plan is to have professional DDoS mitigation in place before you ever land on the list of some hacking group. Blackmail is just one of many reasons DDoS attacks take place, and DDoS attacks are getting stronger and more devastating all the time.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

DDoS Attack