The BBC has reported that the DD4BC gang threatens to swamp servers with data unless a ransom of up to 50 bitcoins (£8,000) is paid. “The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” Marc Gaffan, general manager for the Incapsula service at Imperva, commented on this attack.
Marc Gaffan, General Manager for the Incapsula Service at Imperva:
Is this a growing trend?
“Online extortion using DDoS, unfortunately, is not a new phenomenon. Customers have been receiving so-called ransom notes for years now. The advent of Bitcoin has made payment even less traceable, which has made DDoS extortion even more popular with cyber criminals. Here’s a blog from 2012 on the topic.”
What can companies that come under this form of attack do?
“We do not recommend companies pay ransom notes. There is no guarantee criminals will stop the attack. And, paying may also make you a “mark,” and criminals may come back for more. Companies should get protection from DDoS attacks, and basic plans typically cost less than half of the £8,000 ransom request.”
What preventative measures can companies take?
“In addition to having DDoS protection, we recommend companies have a DDoS response plan in place. We’ve outlined the basic steps HERE.”
Any other comments?
“We’ve been following DD4BC for a while now. Here’s an analysis of their MO from this spring.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.