Attackers are currently sending personalized emails attempting to extort money from website owners across the net. The sender promises to commit a distributed denial of service - DDOS - attack, to the tune of 1Tbps, against the recipients website unless they make a one-time payment of .1 Bitcoins. The recipient is given six hours to comply. Given the current value of Bitcoin this translates to about $179USD. Each message appears to be using a unique Bitcoin address.
The attackers also appear to be using Whois data to pinpoint their exact targets. Each message we analyzed was sent to the registrant email listed in the public Whois record for the target domain. This type of targeted and customized threat has become the new normal.
Here is a look at the message below:
Cyptographic Ransomware similarities
It seems these attackers have taken some pointers from the success that others have had with Cryptographic Ransomware. There are indeed some similarities:
- They are using Bitcoin to accept the payments which is encrypted and nearly impossible to trace.
- They also create the sense of urgency with providing only six hours to comply.
Both are tactics employed in most Ransomware attacks. However, instead of delivering a malicious payload to whomever they can get to click, this attack uses a targeted approach through the utilization of publicly available information. No software is required to be installed on the target machine, they are banking on the fact that a percentage of the recipients will take the threat seriously enough to pay the relatively modest ransom.
With the amount of media attention on DDOS attacks that have in been occurring, in particular those committed by the Mirai botnet, the timing of this attack is good. We recommend not paying the ransom in situations like this as it only serves to facilitate more attacks.