Twenty-or-so years ago, Mel Gibson starred in the movie “Ransom”. It was a fun bit of hokum, where he told the people who kidnapped his son that he wouldn’t pay them the $2 million ransom they demanded, but instead offered a bounty for anyone who could catch the kidnappers – dead or alive.
Of course, that would never happen in real life, right? Right?
However, as Softpedia reports, two websites have taken a leaf from mad Mel’s book and have offered a bounty on the extortionists who are attempting to blackmail them with denial-of-service threats.
Here’s what happened.
Hacked.com and sister site CryptoCoinsNews.com were both hit by a distributed denial-of-service (DDoS) attack earlier this week. The attacks were accompanied by an email from the apparent attackers, threatening to inform the sites’ advertisers about the downtime unless a 2 bitcoin ransom was paid.
We are attacking your website now and we have taken it down for around 3 hours now.
Pay us 2 Bitcoins now to:
Or we will keep attacking your website, we have only used 20% of the machines we have enslaved by our Trojan
If you do not pay those 2 BTC today, you will have to pay 3 BTC tomorrow
Also, if I don’t receive those 2 BTC within an hour, I will start mailing all the advertisers on your website telling them that your website is down.
Pay me those 2 BTC and I will tell you the fatal security vulnerabilities on your site. Pay me those 2 BTC instead of losing the trust of the advertisers. Countdown began.
So, what would you do?
Well, the first thing is probably to ensure that your website is working properly. Fortunately, in this case, the sites were able to mitigate the threat and restore access for their readers.
But should you pay a ransom to blackmailers? I would strongly argue that you shouldn’t. Paying extortionists only tells them that you are a soft target – who can probably be fleeced for “protection money” time and time again, as the threat continues to hang over your head.
I’m pleased to say that Hacked and CryptoCoinsNews didn’t pay the ransom. Instead, they counter-attacked.
- the ID(s) of the extortionists
- Location (address)
- Similar attacks on other sites/companies
- Other relevant information
I’m not entirely convinced that it’s wise to goad online criminals in this fashion, but you have to respect the bravado of the websites unprepared to cave in to internet threats.