FBI warns businesses of spike in email/DDOS extortion schemes

The FBI said there has been a significant uptick in the number of businesses being hit with extortion schemes where a company receive an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom, usually in varying amounts of Bitcoin.

The report comes from the FBI’s partner, the Internet Crime Complaint Center (IC3) which stated that victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution.

“Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, WordPress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit,” the IC3 stated in the warning.

Based on information received at the IC3, the FBI suspects multiple individuals are involved in these extortion campaigns. The attacks are likely to expand to online industries and other targeted sectors, especially those susceptible to suffering financial losses if taken offline.

+More on Network World: +

 Last week MarketWatch had a story that more than 100 companies, including targets from big banks to brokerages in the financial sector, have received distributed denial of service threats since about April, says Richard Jacobs, assistant special agency in charge of the cyber branch at the FBI’s New York office. With these types of attacks, known as DDoS, criminals jam websites by flooding them with useless traffic.

Others have noted the uptick as well. The number of distributed denial-of-service (DDoS) attacks in first quarter of 2015 more than doubled the number of DDoS attacks in Q1 of 2014, according to Akamai Technologies’ Q1 2015 State of the Internet Security report.

According to a port this week from CIO.com, the Royal Bank of Scotland group of banks suffered nearly a fifty minute outage to their on-line banking systems as a result of a Distributed Denial of Service Attack. The banks affected included, Royal Bank of Scotland (RBS), NatWest, and Ulster Bank. A spokesperson from NatWest said in a statement “The issues that some customers experienced accessing on-line banking this morning was due to a surge in internet traffic deliberately directed at the website. At no time was there any risk to customers. Customers experienced issues for around 50 minutes and this has now been resolved.”

The report went onto state: In May of this year, the Swiss Governmental Computer Emergency Response Team (GovCERT.ch) issued a warning relating to an increase in DDoS extortion attacks attributed to a group called DDB4C. GovCERT.ch highlight that the gang had previously operated against targets in other regions but were now targeting organizations in Europe. GovCERT.ch explained that the attacks by these groups are typically amplification attacks abusing the NTP, SSDP or DNS protocols.

+More on Network World: A true story of combating a large-scale DDoS attack+

Check out these other hot stories:

FAA has approved more than 1,000 drone exemptions

Human error to blame in fatal crash of Virgin Galactic’s spacecraft

Threat or menace?: Gaging electromagnetic risks to the electric grid

Expect more prize competitions to address tough IT, high-tech challenges

Here’s how to keep your employees engaged in their jobs

FBI, international law units smash infamous hacker bazaar Darkode

NASA algorithms keep unmanned aircraft away from commercial aviation

CIA: Julia Child and the shark repellant recipe