Online scammers constantly are looking for new ways to reach into the pockets of potential victims, and the FBI says it is seeing an increase in the number of companies being targeted by scammers threatening to launch DDoS attacks if they don’t pay a ransom.
The scam is a variation on a theme, the familiar ploy of either holding a victim’s data for ransom or threatening some kind of attack if a ransom isn’t paid. Ransomware gangs have been running rampant in recent years, using various kinds of malware to encrypt victims’ data and then demand a payment, usually in Bitcoin, for the encryption key.
The scam that the FBI is warning about isn’t as intrusive as that, but it can be just as damaging. The attackers in these cases are emailing people inside organizations and demanding that they pay a ransom or face a DDoS attack.
“Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution,” an alert from the FBI says.
The FBI says that it believes there are several people involved in these scams and they anticipate that they will expand the number of industries that they’re targeting in the near future. Organizations that haven’t paid the ransom have in some cases been hit with the threatened DDoS attacks, but the FBI said they typically don’t last very long.
“Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the FBI alert says.
There have been high-profile incidents like this in the recent past. Basecamp, a project management console, was hit with such an attack in 2014 when attackers tried to blackmail they company and then hit it with a DDoS attack.