A hacker group named DD4BC, active since September 2014, has been blamed for over 141 DDOS ransom attacks.
The group, identified and analyzed by Akamai's Prolexic Security Engineering and Response Team (PLXsert), has been very busy over the past few months, launching numerous DDOS attacks against Akamai customers and demanding Bitcoins as ransom to stop the attacks.
Most of the attacks targeted Akamai customers operating in the financial sector, where there is a higher probability of extracting a Bitcoin payment than in other industries.
This is due to the fact that financial companies tend to have bigger losses per minute of their downtime compared to other players in the health, tourism, telecommunication, or other fields.
According to Akamai's report, most of the attacks are carried out over protocols such as NTP (Network Time Protocol), SSDP (Simple Service Discovery Protocol), UDP (User Datagram Protocol), TCP (Transmission Control Protocol), ICMP (Internet Control Message Protocol), DNS (Domain Name System), and SNMP (Simple Network Management Protocol).
In addition, researchers noted that DD4BC used a vulnerability in the WordPress pingback feature to launch DDOS attacks from various WordPress websites.
The DDOS attacks do not reach extremely high bandwidth, generally averaging 13,34 Gbps, with a maximum of 56 Gbps.
The usual methodology of a DD4BC attack is to first send an email in which the group introduces itself by referring to its previous activities, and then to ask the company for Bitcoins as a ransom.
The ransom usually ranges from 25 to 100 Bitcoin, which is around 5.350 - 21.400 euros.
If the extorted companies do not send the ransom, then in addition to launching the DDOS attack, DD4BC threatens the company with the disclosure of data (usually on social media) that can destroy the reputation of these companies.
Akamai did not say whether any companies ended up paying the ransom, but said it blocked at least 75 of the 141 DDOS attacks recorded through its servers.
Since the report includes only Akamai server data, the actual number of DDOS attacks is likely to be several times higher.