A hacker group named DD4BC, active since September 2014, has been blamed for over 141 DDoS ransom attacks.
The group, identified and analyzed by Akamai's Prolexic Security Engineering and Response Team (PLXsert), has been very busy over the past few months, launching numerous DDoS attacks against Akamai customers and demanding Bitcoin as ransom to stop the attacks.
Most of the attacks targeted Akamai customers operating in the financial sector, where there is a higher probability of extracting a Bitcoin payment than in other industries.
This is because financial companies tend to have greater losses for every minute of downtime than organizations operating in health, tourism, telecommunications, or various other fields.
According to the Akamai report, most of the attacks are carried out over protocols such as NTP (Network Time Protocol), SSDP (Simple Service Discovery Protocol), UDP (User Datagram Protocol), TCP (Transmission Control Protocol), ICMP (Internet Control Message Protocol), DNS (Domain Name System), and SNMP (Simple Network Management Protocol).
In addition, researchers noted that DD4BC used a vulnerability in the WordPress pingback feature to launch DDoS attacks from various WordPress sites.
The DDoS attacks do not reach extremely high volumes, generally averaging 13.34 Gbps, with a maximum of 56 Gbps.
The usual methodology of an attack by the DD4BC group is to first send an e-mail in which it introduces itself by mentioning its previous activities and then demands Bitcoin as ransom from the company.
The ransom usually ranges from 25 to 100 Bitcoin, which is around 5,350 to 21,400 euros.
If the extorted companies do not send the ransom, then in addition to launching the DDoS attack, DD4BC threatens them with the disclosure of data (usually on social media) that can destroy their reputation.
Akamai did not say whether any companies ended up paying the ransom, but said it blocked at least 75 of the 141 DDoS attacks recorded through its servers.
Since the report includes only Akamai server data, the actual number of DDoS attacks is likely to be several times higher.