A number of large UK corporations and institutions, such as Lloyds Bank and BAE systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC, which has been operational since last year. The increased aggressions appears concurrent with reports from other organisations. A cybersecurity case study released by Akamai identified 114 DD4BC attacks against the company’s customers since April 2015, with 41 cases taking place in June alone. In comparison, there were only 5 attacks in January and February 2015.
"The latest attacks—focused primarily on the financial service industry—involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” said Akamai Security Division executive Stuart Scholly in a press release.
58% of DD4BC's targets are financial institutions, according to Akamai. The group begins with ransom emails that state their demands, which vary anywhere between 1 and 100 bitcoins (about ￡160 to ￡16,000), a deadline for compliance, and warning of a “small, demonstrative attack.” Should the victim prove uncooperative, the figure is raised and a more forceful show of force is made. This technique is particularly effective against financial institutions as DD4BC threatens to publicise their attacks, negating the institution's reputation and trustworthiness.
Akamai reports that DD4BC—which stands for "DDoS for Bitcoin"—has been observed utilising the typical scripted attacks found on the DDoS-for-hire market, and have mainly made use of three attack types: NTP floods, SSDP floods, and UDP floods. The largest attack so far was measured at around 56.2Gbps. The company warns that copycats may enter the fray. Fortunately, in part because DD4BC has begun to target enterprise-level organisations, law enforcement agencies appear to have finally taken notice. The UK’s National Crime Agency, which itself was target of a Lizard Squad DDoS last week, informed Bloomberg that it was “aware” of the group’s activities.
A number of businesses have complied with DD4BC's demands, but one former victim tried a different tack, placing a bounty of 100 bitcoins (~￡16,000) on the group in the hope that someone might come forward with details of who's behind the attacks. Bitman, a large Bitcoin mining equipment manufacturer, then added 10 Bitcoins to this figure. So far, despite a number of potential leads, the bounty hasn't been claimed.