How Cybercriminals Use DDoS Attacks to Extort Money From Victims

If you’re the owner or operator of a business, one of the worst things that can happen to you is to be robbed of your ability to run that business and, therefore, earn a livelihood. That is the inherent threat of a type of cyberattack called a Distributed Denial of Service (DDoS) attack, which works by overwhelming a website or internet service that lacks proper DDoS protection with so much fake traffic that it temporarily stops functioning.

When a website or service is knocked offline, or just rendered impossibly slow, the operator not only loses revenue while the attack is going on, but may also suffer dented customer loyalty. After all, if you’re operating in a competitive field then it doesn’t take much to make users look elsewhere. The estimated cost of an average DDoS attack to the victim is in the vicinity of $40,000 per hour, and attacks can, in some cases, last many hours.

The threat of having a website or service knocked offline can be even worse than lost dollars for a business owner. If, for instance, a hospital or medical provider is the target of a DDoS attack, it could mean rendering potentially life-saving records inaccessible.

An extortion racket

Hackers know the threat of such a cyberattack and, in many cases, they’re more than happy to leverage that to their financial advantage. While a regular DDoS attack may cost a target time and money, it doesn’t necessarily make the attacker anything. Unless they are a direct rival, and therefore likely to reap the rewards of customers going elsewhere, the only thing they will “earn” from executing an attack is knowledge of the chaos they have caused. That is why cyberattackers are increasingly using the threat of a DDoS attack to extort money from targets.

It’s a digital age twist on the old gangster threat: “Nice business you’ve got there. It would be a shame if anything was to happen to it.” And, knowing just how damaging the results can be, enough targets will pay up to make it worth the while of attackers.

This August, a group that claimed to be the well-known hacker collective Armada Collective contacted targets in sectors ranging from retail to finance and threatened them with massive DDoS attacks unless they paid a ransom before a certain deadline. This ransom started out at five bitcoins (a single bitcoin was valued at $13.5k at time of writing), and increased by 5 bitcoins per day until the ransom was paid. If it was not paid, the attackers threatened that a major DDoS attack would be launched against the target in question.

False flags

In some cases, cybercriminals use false flag operations in an attempt to increase payouts. A false flag, in its simplest terms, means posing online as someone you’re not. Typically it means disguising the identity of the party that’s actually responsible and instead trying to place blame on another. It can also refer to cyberattackers who pose as a well-known group, such as the Armada Collective example, to try and make a threat seem more severe.

In recent years, a number of extortion threats have claimed the firepower of large groups like Fancy Bear, a hacking entity allegedly backed by the Russian government, which hacked the White House in 2014. Sometimes threats are accompanied by a smaller attack, with a larger one promised if the target does not comply with a demand. By posing as a determined entity with the ability to carry out terrifyingly large DDoS attacks, cybercriminals can inflate the fear levels to the point where they can squeeze considerably more money out of victims.

The financial cost of a DDoS attack isn’t just about how much money attackers can extort from you or the cost of unasked-for downtime, either. You may have hosting expenditure and repairs to cover. In some cases, you could have to pay a large amount for servers responding to fake requests. In all, the situation can be nightmarish for the victim of a DDoS attack.

Protect yourself

But there are ways to protect yourself and your business or organization. Cybersecurity professionals have tools that intelligently block impending DDoS attacks by analyzing incoming traffic and filtering out the bad, fake traffic, while continuing to allow through legitimate requests — meaning that genuine customers and users may continue to use your services unimpeded.

Another option involves high-capacity networks that can process tens of billions of attack packets per second, defending against the biggest attacks previously recorded or, in the case of ransom attacks, mitigating the threat of such attacks.

Make no mistake about it: DDoS attacks are absolutely no fun. They can be crippling to businesses and other organizations, particularly at a time when, for many, resources are already stretched. Fortunately, you’re not powerless in the face of such attacks. Investing in the proper defences is some of the smartest money you can spend.