Search Blog for

Bitcoin – the Preferred Ransom Currency of DDoS Attackers

Bitcoin – the Preferred Ransom Currency of DDoS Attackers

DDoS extortion is on the rise. The FBI wrote that it “suspects multiple individuals are involved in these extortion campaigns. The attacks are likely to expand to online industries and other targeted sectors, especially those susceptible to suffering financial losses if taken offline.” The extortionists’ currency of choice? Bitcoin.

Our recent survey showed that 46% of DDoS victims received a ransom note from their attacker—often prior to the assault. Such messages promise to spare the organization from a crippling attack in exchange for money, and read something like this:

“Your site is extremely vulnerable to DDoS attacks. I want to offer you info about how to properly set up your protection, so that you can’t be DDoSed. My price is one Bitcoin.”

Once the initial warning period has expired without payment having been made, the extortionists typically raise their price. The burden is now on the victim, to procure Bitcoins and pay the extortionists to stop the attack. On average a DDoS attack can cost an organization $40K per hour, so the current exchange rate of one  Bitcoin equalling $775 appears a bargain.

If one victim compiles, the extortionists quickly obtain their Bitcoin. Multiply this on a mass scale and they’re minting a lot of money.

One disturbing approach is that hackers aren’t bothering to breach networks to obtain Bitcoin. Instead, they’re out on your perimeter and lodging low-level DDoS attacks against your firewall.

Ready-made money? Not quite

Extorting Bitcoin appears far simpler than stealing personal identifiable information (PII) or credit card data, because on their own they aren’t currency. They need to be exploited further, otherwise it’s just data.

Bitcoin, on the other hand, is ready-to-use currency.

By threatening organizations with low-level application DDoS attacks, hacker extortion rings like DD4BC and others can disrupt business and erode the trust companies have established with their clients.

Although European law enforcement has made some progress ensuing in DD4BC arrests, the group has created a proof of concept in using DDoS to collect Bitcoin.

Interestingly, there’s a common misperception that Bitcoins are untraceable. states that the crypto currency is the most transparent payment network in the world. Its public, traceable transaction logs are permanently stored in the Bitcoin network making all transactions visible. There are ways to set privacy levels to protect private information.

For users, Bitcoin works like a mobile app or computer program. It gives them a personal Bitcoin wallet from which a user can send and receive Bitcoins. What makes Bitcoins traceable is the public ledger the Bitcoin network shares called the “block chain”. Every transaction ever processed is recorded by this ledger and lets a user’s computer authenticate the validity of each transaction.

As for getting around being traced, users can scramble the user end of the block chain-recorded transactions or use disposable emails for each transaction.

Despite the fact that Bitcoins are traceable, DD4BC copycats have made the virtual crypto currency their preferred ransom payment. This may be due to the perceived lower barriers to entry and the lack of personally identifiable information tied to Bitcoin addresses as reported by CNBC.

Four things you can do if you receive a ransom note

With DDoS attacks and threats of the same still prevalent, here are some steps you can take to protect yourself if you receive a threat by a cyber extortionist. We wrote about this previously and advise again against paying a ransom.

  1. Don’t reply to the note – There is no negotiating with attackers, so responding is pointless.
  2. Don’t pay the ransom – There is no guarantee that the attacker won’t return to extort again.
  3. Create/alert your response team – Attempt to weather the assault using an effective DDoS mitigation solution.
  4. Inform your legal team of the attack – Send them a copy of the ransom note. Depending on its length and impact, public organizations may decide to disclose the event.

Need more on how to deal with the threat of a DDoS attack? Click to download this guide on How to Start Making a DDoS Response Plan.