“Know what you’re capable of. Know what you can do to defend yourself,” said Martin McKeay (@mckeay), security advocate for Akamai, to companies that have received threatening letters from DD4BC, or DDoS for Bitcoins.
In our conversation at Security BSides Las Vegas, McKeay explained that DD4BC is a group sending hundreds of merchants and banks extortion letters that say: either pay us 25 bitcoins or we’re going to DDoS your company. Carried out, that threat would cause far worse financial pain than the extortion demand itself, which is valued today at about $7,125.
These threats aren’t empty, said McKeay. Some companies have suffered DDoS attacks for not paying up, and McKeay suspects that some companies have been avoiding the attacks by paying the extortion.
Then there’s the problem of a series of copycat letters whose senders have no intention of doing anything. They’re probably just trying to see how much money they can make from a similar extortion threat.
There are a number of companies like Akamai that can defend against DDoS attacks. You should have such protection, but fundamentally you should understand what defenses you have and can build to withstand this kind of blatant extortion.
Feeding back this information is valuable. Yes, it is difficult to track back this information, but as McKeay says, the more points of information these federal agencies have, the more they can do.