Skip to main content

Be aware of DDoS extortion

Release Date: 26 Jan 2017 3126 Views

 

HKCERT was aware that the DD4BC (Distributed Denial of Service for Bitcoin) attacks targeting SME were back to Hong Kong in Jan 2017. To minimize the potential security risk, user should take proactive actions to protect their IT systems.

 

What happened?

Recently some SMEs in Hong Kong received the attacker’s message that notified them that a small scale of DDoS attack had been launched against their IT systems. The attacker demanded victim to pay in bitcoins, or else they will launch a large scale DDoS attack to bring down its online service. Hong Kong Productivity Council had published a Chinese column article on it in 2016.[1]

 

Impacts

Victim may suffer from these:

  • IT service interruption.
  • Being extorted by attacker to pay ransom to stop the DDoS attack.

A sample ransom message[2]

 

Advisory

1. DO NOT pay the ransom
Paying ransom signaled to the attacker that such attack is effective and encourage him or her to extort you again. Paying ransom also funds the attacker to develop more sophisticated attacks.

 

2. Seek assistance from ISP
Normally ISP can provide services to deal with DDoS, for example anti-DDoS service and mitigation service, to block abnormal traffic from the upstream of the network and distribute the traffic.

 

3. Conduct regular security assessment of your IT systems
DDoS could be launched by various attack vectors, e.g. loopholes in network architecture or the security of the system software. Company should perform security assessment to evaluate and improve the security level of their IT systems periodically.

 

4. Protect your service
Block any unnecessary network exposure for your service. If there is no need to be accessed publicly, place it inside a closed LAN; otherwise, it should be protected by firewall.

 

 

To discourage DD4BC attack, please DO NOT pay the ransom. You should report the incident to the Police and your ISP to seek assistance. Other than that, the overall system security is crucial to prevent DDoS attack.

 

 

Reference:
[1] https://www.hkpc.org/zh-HK/corporate-info/media-centre/media-focus/203-corp-info/media-focus/6243-online-blackmail
[2] https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/ransom-attacks/
https://blogs.akamai.com/2015/07/dd4bc-operation-update-and-faq.html