Identify who is behind DDoS blackmail plot, and earn yourself a Bitcoin bounty

Twenty-or-so years ago, Mel Gibson starred in the movie “Ransom”. It was a fun bit of hokum, where he told the people who kidnapped his son that he wouldn’t pay them the $2 million ransom they demanded, but instead offered a bounty for anyone who could catch the kidnappers – dead or alive.

Such fun!

Of course, that would never happen in real life, right? Right?

However, as Softpedia reports, two websites have taken a leaf from mad Mel’s book and have offered a bounty on the extortionists who are attempting to blackmail them with denial-of-service threats.

Here’s what happened.

Hacked.com and sister site CryptoCoinsNews.com were both hit by a distributed denial-of-service (DDoS) attack earlier this week. The attacks were accompanied by an email from the apparent attackers, threatening to inform the sites’ advertisers about the downtime unless a 2 bitcoin ransom was paid.

Source: Softpedia

We are attacking your website now and we have taking it down for around 3 hours now.

Pay us 2 Bitcoins now to:
[Bitcoin address]

Or we will keep attacking your website, we have only used 20% of the machines we have enslaved by our Trojan

If you do not pay those 2 BTC today, you will have to pay 3 BTC tomorrow

Also, if I don’t receive those 2 BTC within an hour, I will start mailing all the advertisers on your website telling them that your website is down.

Pay me those 2 BTC and I will tell you the fatal security vulnerabilities on your site. Pay me those 2 BTC instead of losing the trust of the advertisers. Countdown began.

So, what would you do?

Well, the first thing is probably to ensure that your website is working properly. Fortunately, in this case, the sites were able to mitigate the threat and restore access for their readers.

But should you pay a ransom to blackmailers? I would strongly argue that you shouldn’t. Paying extortionists only tells them that you are a soft target – who can probably be fleeced for “protection money” time and time again, as the threat continues to hang over your head.

I’m pleased to say that Hacked and CryptoCoinsNews didn’t pay the ransom. Instead, they counter-attacked.

In a statement posted on the Hacked and CryptoCoinsNews websites, they announced that they are offering 5 bitcoin (approximately 1700 USD) to anyone who can provide the following information:

  • the ID(s) of the extortionists
  • Location (address)
  • Similar attacks on other sites/companies
  • Other relevant information

I’m not entirely convinced that it’s wise to goad online criminals in this fashion, but you have to respect the bravado of the websites unprepared to cave in to internet threats.

About the author

Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
