Attackers are currently sending personalized emails attempting to extort money from website owners across the net. The sender threatens to launch a distributed denial of service (DDoS) attack, to the tune of 1 Tbps, against the recipient's website unless they make a one-time payment of 0.1 Bitcoin. The recipient is given six hours to comply. Given the current value of Bitcoin, this translates to about $179 USD. Each message appears to use a unique Bitcoin address. The attackers also appear to be using Whois data to pinpoint their exact targets: each message we analyzed was sent to the registrant email listed in the public Whois record for the target domain. This type of targeted and customized threat has become the new normal.
Here is a look at the message below:
It seems these attackers have taken some pointers from the success that others have had with cryptographic ransomware. There are indeed some similarities. They accept payment in Bitcoin, which is encrypted and nearly impossible to trace. They also create a sense of urgency by providing only six hours to comply. Both are tactics employed in most ransomware attacks. However, instead of delivering a malicious payload to whomever they can get to click, this attack takes a targeted approach using publicly available information. No software needs to be installed on the target machine; they are simply banking on the fact that a certain percentage of the recipients will take this threat seriously enough to pay the relatively modest ransom. And with the amount of recent media attention on DDoS attacks, in particular those committed by the Mirai botnet, the timing of this attack is pretty good. Of course, we strongly recommend not paying the ransom in situations like this, as it only serves to facilitate more attacks of this kind.
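The traits described above (mail to the Whois registrant address, a per-message Bitcoin address, a DDoS threat and a short deadline) can be combined into a mail-triage check. The following is an added example, not code from the original post; the function names, the regular expressions and the sample message are assumptions constructed for illustration, and it assumes single-part plain-text mail and legacy Base58 addresses.

```python
import hashlib
import re
from email import message_from_string

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy address shape
THREAT_RE = re.compile(r"\bd?dos\b|denial[- ]of[- ]service", re.I)
DEADLINE_RE = re.compile(r"\b(?:\d+|six|twelve)\s+hours?\b", re.I)

def _checksum(body: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Only used to build the constructed sample address below."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(s: str) -> bool:
    """Base58Check-validate a candidate so random strings do not count."""
    if any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    pad = len(s) - len(s.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and _checksum(raw[:-4]) == raw[-4:]

def triage(raw_message: str, registrant_email: str) -> dict:
    """Flag mail that shows every trait described above at once."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()  # assumption: single-part text/plain message
    hits = {
        "to_whois_registrant": registrant_email.lower() in (msg.get("To") or "").lower(),
        "valid_btc_address": any(is_btc_address(a) for a in ADDR_RE.findall(body)),
        "ddos_threat": bool(THREAT_RE.search(body)),
        "deadline": bool(DEADLINE_RE.search(body)),
    }
    hits["quarantine"] = all(hits.values())
    return hits

# Constructed sample: address derived from dummy bytes, not a real wallet.
SAMPLE_ADDR = b58check_encode(b"\x00" + bytes(range(1, 21)))
SAMPLE = ("From: sender@example.net\nTo: registrant@example.com\nSubject: notice\n\n"
          f"Pay 0.1 BTC to {SAMPLE_ADDR} within six hours or we DDoS your site.\n")
```

Calling `triage(SAMPLE, "registrant@example.com")` returns the individual signals plus a `quarantine` flag that is set only when all four are present, which keeps ordinary mail that merely mentions DDoS or contains a long alphanumeric string out of the queue.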