As Bitcoin price surges, DDoS extortion gangs return in force

Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.
Written by Catalin Cimpanu, Contributor
Bitcoin cryptocurrency
Image via PIRO4D

Extortion groups that send emails threatening companies with DDoS attacks unless paid a certain fee are making a comeback, security firm Radware warned today.

In a security alert sent to its customers and shared with ZDNet this week, Radware said that during the last week of 2020 and the first week of 2021, its customers received a new wave of DDoS extortion emails.

Extortionists threatened companies with crippling DDoS attacks unless they got paid between 5 and 10 bitcoins ($150,000 to $300,000).

Radware said that some of the emails it seen were sent by a group that was active over the 2020 summer when the extortionists targeted many financial organizations across the world.

Companies that received this group's emails last summer also received new threats over the winter, Radware said.

The security firm believes that the rise in the Bitcoin-to-USD price has led to some groups returning to or re-prioritizing DDoS extortion schemes.

But Radware said that the Bitcoin price surge was so sudden and unexpected that it caught even some groups by surprise. Extortionists also had to adapt and reduce their demands over time, going from requesting 10 BTC to 5 BTC, as in some cases, the extortion fee would have been too large for some companies to pay, as the Bitcoin price tripled since August 2020.

And just like in the summer of 2020, Radware said that these DDoS extortion groups had the firepower to deliver on their threats.

Radware said it saw some organizations being targeted with DDoS attacks after receiving the extortion emails. Attacks typically lasted around nine hours and ranged around 200 Gbps, with one attack peaking at 237 Gbps.

Image: Radware

But this resurgence in DDoS extortion tactics was also documented by Lumen's Black Lotus Labs, which reported on their comeback last week.

The former CenturyLink division, now part of Lumen, said these schemes never actually stopped, although the frequency of these email threats died down over the fall, compared to their prevalence over the summer.

Just like before, the DDoS extortion gangs also kept using the names of more famous hacking groups to send their threats, hoping to intimidated victims. Attackers used names such as Fancy Bear, Cozy Bear, Lazarus Group, and Armada Collective.

But towards the end of the year, Black Lotus Labs reported that some of these extortion emails were also signed using the name of Kadyrovtsy, the name of an elite Chechen military group that has also been associated with DDoS gangs and extortionists in the early 2010s.

Both Black Lotus Labs and Radware recommended that companies not pay the ransom as this merely invites more extortions in the future. Instead, companies are advised to request additional protection against any potential attacks from their security providers.

Editorial standards