Ransom DDoS–How hackers use DDoS for Extortion.

Jerry wakes up to a mid-December morning. Outside it’s still dark, but even without his glasses on he can see the sun’s first rays glancing off the fresh snow in his backyard. He finds his glasses on the nightstand, and meanders over to his laptop to check the email. He’s in a good mood, because this holiday season his Ecommerce website is hitting record sales. Just now he’s shaking off the remains of sleep when this message pulls him screaming out of his haze:

What would you do if you woke up to a DDoS ransom note? Quite a shock. In fact, very few SMB’s are prepared for such a cyber attack.

Distributed Denial of Service (DDoS) attacks are becoming the hacker’s preferred method for extorting and disrupting websites, large and small. Although there are many types of DDoS, they all work by sending swarms of bot-generated requests to take down servers.

Botnets for Hire

Hackers get the firepower for their DDoS attacks by assembling large hordes of computers called botnets. These malicious commanders gather their armies by infecting innocent computers with sneaky malware like Trojans. In fact, your computer may be infected right now without you knowing; it is common for infected computers to carry out their attacks when not being used by their human owners. Once assembled, the “Bot herder”, or lead hacker, directs the assault from a remote location. Good hackers leave little trace of their whereabouts, and many operate without fear of reprisal or punishment.

The Black Market

Just beneath the surface of legitimate online business lies a festering layer of nefarious transactions. Here is where extortionists can find hackers offering their botnet services. A customer in the black market can buy, or rent thousands, or hundreds of thousands of bots for as little as a couple hundred dollars a day. Savvy hackers even offer “try before you buy” options for their botnets.

But it doesn’t stop there. For all you Do It Yourself people out there, the black market offers ‘user-friendly’ starter kits for initiating your very own DDoS attack. The kits come with botnets already assembled, batteries not included.

Jerry’s Dilemma

Let’s check back in with our hero, Jerry. He has just learned that he is being extorted with a DDoS attack if he does not pay up.

Jerry never expected to be hit with DDoS. His business was successful, but not enough to make him a target, right? Actually, SMBs are more of a target than large institutions. Hackers tend to go after easy targets that don’t have sophisticated security protection. Think of it this way; if you were a thief, would you rather rob a laser-guarded, high tech vault? Or a cash register protected by a distracted teenager? Jerry’s rude awakening is just one example of a relatively common occurrence.

But Jerry snapped to his senses. He remembered the same thing happened to his neighbor, Arnold. What did Arnold say again? “You don’t need these old-school hardware protection services. We have a Cloud-based service that only works when we get attacked.” Oh Arnold, you always come through! Jerry put on his bathrobe, made some calls, and his company was protected by lunchtime. Bring it on, hacker.

You don’t have to break the bank to protect your business. Don’t let hackers take advantage of your position in the market. Protect your business like the big boys, without the big bucks.