$7500 DDoS extortion hitting Aussie, Kiwi enterprises
Pay up or we'll send up to 400Gbps your way
New Zealand Internet Task Force (NZITF) chair Barry Brailey is warning Australian and New Zealand enterprises to be on the look out for distributed denial of service extortion attacks demanding payment of up to AU$7500.
Brailey says criminals are hitting big organisations on both sides of the Tasman that have a large online presence with payment gateways at gaming outfits and retail shops a favourite target.
Net scum are to date failing to deliver the promised 400 Gbps DDoS payloads with mere 10 Gbps attacks being received by non-payers.
"They seem to be targeting enterprises with large online direct cash-generating payment gateways," Brailey says.
"They are only asking for about $6000 which is not a large amount of money for businesses like that."
He urges business not to pay however since doing so may paint them as soft targets.
The DDoS data has come through the NZITF's security friends in New Zealand and Australia and is largely anecdotal.
But industry veteran Brailey says history suggests those organisations that fail to pay and instead defend against the DDoS using port blocking or sinkholes will be hit at a later date.
Victims keen to pay the extortion will need to obtain 25 Bitcoins and pay a specified wallet.
Hacking extortions are a common occurrence with ransomware taking the spotlight in recent years. The malware is more effective at forcing victims to pay because it is much harder to circumvent than DDoS.
Possibly the most advanced instance of ransomware was revealed February. Crims encrypted web applications and waited months allowing the data to be seamlessly decrypted as it was read before they revoked the key and demanded payment.
That move reduces the likelihood that well prepared admins can revert to the last backup with minimal disruption as they would find it too is encrypted. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Let's Encrypt
- Palo Alto Networks
- Trusted Platform Module
- Zero trust