Recently, a criminal gang has started conducting DDoS attacks against some of the largest financial service providers in the world, while demanding ransom in Bitcoin from the potential victims so that its members can stop their attacks. A few days ago, the DDoS gang blackmailers attacked financial services, specifically money transfer services. PayPal, MoneyGram, YesBank India, Braintree and Venmo. It New Zealand Stock Exchange (NZX), which stopped trading for the third day in a row, is also among the gang victims.
According to a report published on August 17, the gang behind these attacks targeting PayPal and other financial services appears to be what is known as "Akamai". In addition, DDos gang blackmailers use names like "Armada Collective" and Fancy Bear, which have been borrowed from the most famous hacking groups, aiming to send email target companies and threaten them with DDoS attacks, which can have significant financial costs for the affected businesses. However, this could be avoided if victims agree to pay a huge ransom in Bitcoin.
These types of attacks are well known as “DDoS extortions” or as “DDoS-for-Bitcoin” and were first observed in the summer of 2016. In recent years, such attacks have become more frequent, with DDoS blackmailers attacking their target victims and demanding large rewards so as not to cause them financial or other harm. However, the group that seems to be active this month, is one of the most dangerous that have been revealed since 2016 when this trend started.
On August 24, Akamai reportedly launched DDoS complex attacks that, in some cases, reached 200 Gb / sec, while some of the attacks that started this week have reached 50 to 60 Gb / sec. Therefore, it seems that this is a team that has a lot of skills in the field of DDoS attacks.
Unlike other DDoS blackmailers who often target their victims' public sites, this new team has repeatedly targeted the backend infrastructure, the endpoints API and DNS servers, which explains why some of the DDoS attacks that took place this week led to severe and prolonged outages operation to some of their goals.
For example, in the case of NZX, the team has repeatedly targeted Spark, the stock exchange hosting provider, resulting in the shutdown for the other clients of the provider.
In addition, the team showed its skills and complexity by frequently changing protocols abused for DDoS attacks, making it difficult for defenders to prepare and predict how the next attack will take place and develop protections required to avoid such a thing.
Finally, DDoS target companies of extortionists, such as PayPal and other financial services, are advised not to pay the ransom they are asked for, but instead should secure their services as much as possible to avoid falling victim to such attacks.