Radware reported that customers initially targeted with DDoS ransom demands received new DDoS extortion letters threatening them with DDoS attacks if they did not pay.
The cybersecurity firm believes that the new demands were fueled by the rise in the price of Bitcoin, which has skyrocketed since the initial DDoS threats. The attackers threatened victims with crippling DDoS attacks if they did not pay 5-10 Bitcoins, valued at around $150,000 to $300,000.
According to Radware, the companies received the new ransom demands in December 2020 and January 2021, while the initial threats were issued in August and September 2020, when the price of Bitcoin was around $10,000.
The threat intelligence firm added that the threat actors posed as the most notorious ransomware operators to make their threats more credible. Radware reported that the majority of customers who refused to pay were hit by intense DDoS attacks of more than 200 gigabits per second.
DDoS extortion threat actors accused of multiple attacks in the past
The DDoS extortion letters were associated with groups responsible for a wave of DDoS attacks at OTP Bank, Magyar Telecom, MoneyGram, YesBank, Braintree, and Venmo. However, the New Zealand Exchange DDoS attack was one of the most intense, shutting down the organization for four days and causing undisclosed financial losses.
Despite their previous successes, the groups posed as big-name threat actors, including Fancy Bear, Lazarus Group, and Armada Collective. Other emails had the display name Kadyrovtsy, a Chechen nationalist paramilitary force, according to Black Lotus Labs.
However, cybersecurity experts believe that the groups were mere copycats of the named threat actors.
Radware believed that the affected customers were either ignorant of the initial ransom demands or were only known to the threat actors but unknown to the media.
DDoS extortion groups deliver on their cyberattack threats
Pascal Geenens, Director of Threat Intelligence at Radware, noted that 80% or four out of five Radware customers who received DDoS extortion letters experienced distributed denial of service (DDoS) attacks.
The most intense attack lasted 10 hours at a record rate of 237 gigabits per second. Geenens added that targeted Radware customers withstood the DDoS attacks by redirecting their traffic to Radware’s scrubbing center.
Bitcoin price surge responsible for new wave of DDoS extortion attempts
Geenens believes that the threat actors were spurred by the rise in the price of Bitcoin that has more than tripled since the last campaign. He suggested that the attackers hoped to cash in while the price of Bitcoin was still high.
He also noted that the threat actors tried to present themselves as reasonable people who were trying to prevent companies from suffering colossal losses from the shutdown.
Instead, they presented their demand as a more reasonable option, less expensive than the financial losses a DDoS-induced Internet outage would cause.
“We can easily shut it down completely, but considering the size of your company, it would probably cost you more a day without internet than what we are asking for, so we calculated and decided to peacefully try again,” the DDoS extortion letters read. “And we are not doing this for cyber vandalism, but to make money, so we are trying to make things easier (sic) for both of us.”
Furthermore, the rising price of Bitcoin also forced threat actors to reduce their demands by sometimes asking for five instead of ten Bitcoins. This is because the high price of Bitcoin made it impossible for some companies to pay.
Cyber crime gangs promised to remain persistent until their ransom demands were met, and they also promised to stay away after payment.
However, there is no guarantee that they will keep their word. Additionally, paying the ransom could attract the attention of other threat actors, making companies paying the ransom more prone to DDoS extortion.
Similarly, it encourages groups to target other companies, making DDoS extortion a common practice. In addition to the rise in the price of Bitcoin, these circumstances make it less likely that companies will pay the ransom.
James McQuiggan, a security awareness advocate at KnowBe4, believes surrendering to cybercriminals’ DDoS extortion attempts exacerbates the situation.
“In this situation, cybercriminals find that once an organization has paid in previous instances, they can demand money again.”
He added that “cybercriminals always go where the money is and can be regular customers.” In this case, however, the cybercriminals are running a business and not patronizing, according to McQuiggan.
“There is technology available to reduce risk and protect against DDoS attacks. It’s important to incorporate this with the same advice given for ransomware attacks: don’t pay the cybercriminals. Plus, it supports their efforts and may mean repeat visits from them after you pay them.”