DDoS extortion isn't a brand new trick for the hacker community, but it has changed in several ways. The use of Bitcoin as a payment method is notable among them. DD4BC (DDoS for Bitcoin) was discovered extorting victims with DDoS attacks and demanding payment in Bitcoin. DD4BC seems to be focused on the Bitcoin-based gaming and payment processing industries.

In November 2014, the group was reported to have sent a note to the Bitcoin site Bitalo requesting Bitcoin in return for helping the site improve its protection against DDoS attacks. Alongside the note, DD4BC carried out a small-scale attack to demonstrate that the site was vulnerable to this disruption tactic. However, Bitalo ultimately declined to pay the ransom. In addition to offering more than $25,000 for details on the identities of the people behind DD4BC, the website publicly accused the group of blackmail and extortion.

The plots share a number of common features. During these acts of extortion, the hacker:

Starts a tentative DDoS attack (from a few minutes to a few hours) to show that the hacker can compromise the target site.

Requests payment via Bitcoin while suggesting that they are really helping the site by pointing out its vulnerability to DDoS.

Threatens even more virulent assaults in the future.

Threatens a greater demand as the attacks go on (pay right now or maybe pay later).

It is easy for vulnerable sites to be taken down by these attacks. Recent Arbor Networks research has revealed that the vast majority of DD4BC's current attacks have been UDP amplification attacks that abuse insecure UDP protocols such as SSDP and NTP. On the spectrum of cyber assaults, botnet-based UDP flooding is basically a simple and blunt attack that overwhelms a network with unwanted UDP traffic. Technically, such attacks are not difficult, and with booters and botnets available for rent they are much simpler still.
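As an added example that is not part of the original article, the following sketch shows one way a defender could spot the reflected NTP/SSDP floods described above in flow records. The record layout, the sample addresses and the thresholds are constructed assumptions, not values from Arbor Networks or from any flow-export product.

```python
from collections import defaultdict

# UDP source ports of the reflector protocols the article names.
REFLECTOR_PORTS = {123: "NTP", 1900: "SSDP"}

# Constructed sample flow records (not real traffic), one per line:
# epoch_seconds src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
1000 198.51.100.7 123 203.0.113.10 40111 udp 46800000
1001 198.51.100.8 123 203.0.113.10 40111 udp 51200000
1002 198.51.100.9 1900 203.0.113.10 52001 udp 30100000
1004 192.0.2.44 53211 203.0.113.10 443 tcp 18000
1005 192.0.2.50 123 203.0.113.20 123 udp 90
1071 198.51.100.7 123 203.0.113.10 40111 udp 4000
"""

def parse_flows(text):
    """Yield (ts, src, sport, dst, proto, nbytes) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip blank or malformed records
        ts, src, sport, dst, _dport, proto, nbytes = parts
        yield int(ts), src, int(sport), dst, proto.lower(), int(nbytes)

def detect_amplification(text, window=60, min_bps=1_000_000, min_reflectors=3):
    """Flag (window, target) pairs hit by reflected floods; thresholds are illustrative."""
    volume = defaultdict(int)       # (window_start, dst) -> bytes received
    reflectors = defaultdict(set)   # (window_start, dst) -> distinct source IPs
    protocols = defaultdict(set)    # (window_start, dst) -> reflector protocols seen
    for ts, src, sport, dst, proto, nbytes in parse_flows(text):
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue  # only UDP replies coming *from* NTP/SSDP ports
        key = (ts - ts % window, dst)
        volume[key] += nbytes
        reflectors[key].add(src)
        protocols[key].add(REFLECTOR_PORTS[sport])
    alerts = []
    for key in sorted(volume):
        bps = volume[key] * 8 / window
        # A lone NTP reply is normal; many reflectors plus high volume is not.
        if bps >= min_bps and len(reflectors[key]) >= min_reflectors:
            alerts.append({"window": key[0], "target": key[1], "bps": bps,
                           "reflectors": len(reflectors[key]),
                           "protocols": sorted(protocols[key])})
    return alerts

if __name__ == "__main__":
    for alert in detect_amplification(SAMPLE_FLOWS):
        print(alert)
```

Requiring several distinct reflectors as well as a volume threshold keeps ordinary NTP time-sync replies, like the 90-byte record in the sample, from raising an alert.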

The DD4BC gang's normal pattern is to initiate DDoS attacks at layers 3 and 4, but if this does not have the desired effect it will, or can, switch to layer 7, with multiple loopback attacks using POST/GET requests. The first attack is usually on a scale of 10-20 GBps. This is significant, but often not close to the real threat.

If a company does not meet the group's demands, and does not migrate across various anti-DDoS services, the group will usually move on after a sustained assault lasting twenty-four hours. Yet you should not rely on this particular pattern to guide your cyber security practices.