DDoS Extortionist’s Behaviors

Core Themes to Remember with DDoS Extortionist

  • The DDoS extortionists continue their campaigns. They will only stop when they are arrested, feel threatened by arrest, or exhaust their pool of DDoS Extortion victims. The Internet is big with a lot of potential DDoS Extortion victims.
  • Invest in DDoS Preparation. We know a lot about these miscreants, but it’s also critically important to prepare for customer situations by understanding our processes and by being aware and knowledgeable about the materials listed below.
  • Call in Law Enforcement! DDoS Extortion only Stops when there is an Arrest or the Money Drys up! We — the public-private partnerships — do find and arrest the DDoS Extortionist. That only happens if the victims report the crime to the national/local police. If the local police do not know how to handle the case, ask them to contact the National Cyber-Forensics and Training Alliance (NCFTA). NCFTA plugs in law enforcement all over the world, works with Interpol, Europol, ISACS, and a range of private industry partners. NCFTA will always be in the middle of a big DDoS Extortion campaign.
  • Do not let down your guard! DDOS Extortion happens in cycles. DDoS Extortion has been coming every other year since the early 2000s with miscreants figured out that Extortion Protection Racket works on the Internet. They have continued to evolve over time using crypto-currency.
  • Do not think you are “immune” from DDoS Extortion. DDoS Extortion is about the criminals figuring out how to motivate you to give them money. Once they know how to get money from you, they will put you on the target list.

Understanding the DDoS Extortionist Behavior

  • Their goal is to make money through criminal extortion. No potential for money = no attack.
  • They do their homework. They figure out the emails that are most likely to see and react to the extortion letters.
  • They scout their targets. They look for easy targets that take the least effort. Their goal is NOT to work too hard. Their first targets could be DNS Authoritative servers, web properties, API services, and other easy elements that can be whacked with a basic DDoS attack.
  • They focus on industry verticals. We saw the miscreants start on Financial Services then migrate to Travel, then move on to other verticals. If we see an organization in one industry get hit (e.g. Oil and Natural Gas) expect a focus on peer companies within that industry.
  • They pivot quickly. Their goal is to make money through criminal DDoS extortion. If organizations do not respond, then there is no point in persisting. They will move on to other targets.
  • Many organizations have not been paying attention to the DDoS risk! Basic DDoS preventative actions work. The guides included later in this blog provide low-cost, low-risk countermeasures to mitigate DDoS risk when threaten by an extortionist.
  • DNS authoritative name servers are targeted. DNS is critical to all Akamai services (see Akamai Reference Architectures). Migrating customers to Edge DNS has been a proven tactic in mitigating attacks from DDoS extortionists. There is a new guide to help customers review their DNS Resiliency options: Rapid Edge DNS Onboarding — DDoS Attacks Against DNS.

Using DDoS Extortion Behaviors to Prioritize Your Response

What is Next?




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cryptocurrency Sim Card Hack & Ongoing Class Action Lawsuits

How much does it cost to build a 24x7 SOC?

Understanding User Consent and Non-Consent Data in Fintech Businesses

Exploiting ILIAS learning management system

What is SSO Authentication and how it works?

{UPDATE} Prinsessa Öga tatuering Målning Hack Free Resources Generator


Spy:Co Birthday Party Social Media competition — Win a Free Spy:Co Party

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Barry Greene

Barry Greene

More from Medium

Is It Fair? My Date With Tonetta

One of the Best SAP-FICO Training Centers in Kolkata

SAP-FICO Training center in Kolkata

Tips for setting up email servers and unblocking SMTP port 25

Tips for setting up email servers and unblocking SMTP port 25

Amy Schumer’s comic yet critical voice