As Bitcoin price surges, DDoS extortion gangs return in force

Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.

By Catalin Cimpanu for Zero Day | January 22, 2021 -- 15:30 GMT (07:30 PST) | Topic: Security

Extortion groups that send emails threatening companies with DDoS attacks unless paid a certain fee are making a comeback, security firm Radware warned today.

In a security alert sent to its customers and shared with ZDNet this week, Radware said that during the last week of 2020 and the first week of 2021, its customers received a new wave of DDoS extortion emails.

Extortionists threatened companies with crippling DDoS attacks unless they got paid between 5 and 10 bitcoins ($150,000 to $300,000).
Radware said that some of the emails it has seen were sent by a group that was active over the 2020 summer, when the extortionists targeted many financial organizations across the world.

Companies that received this group's emails last summer also received new threats over the winter, Radware said.

The security firm believes that the rise in the Bitcoin-to-USD price has led to some groups returning to or re-prioritizing DDoS extortion schemes.

But Radware said that the Bitcoin price surge was so sudden and unexpected that it caught even some groups by surprise. Extortionists also had to adapt and reduce their demands over time, going from requesting 10 BTC to 5 BTC, as in some cases the extortion fee would have been too large for some companies to pay, as the Bitcoin price has tripled since August 2020.

And just like in the summer of 2020, Radware said that these DDoS extortion groups had the firepower to deliver on their threats.

Radware said it saw some organizations being targeted with DDoS attacks after receiving the extortion emails. Attacks typically lasted around nine hours and ranged around 200 Gbps, with one attack peaking at 237 Gbps.

But this resurgence in DDoS extortion tactics was also documented by Lumen's Black Lotus Labs, which reported on their comeback last week.

The former CenturyLink division, now part of Lumen, said these schemes never actually stopped, although the frequency of these email threats died down over the fall, compared to their prevalence over the summer.

Just like before, the DDoS extortion gangs also kept using the names of more famous hacking groups to send their threats, hoping to intimidate victims. Attackers used names such as Fancy Bear, Cozy Bear, Lazarus Group, and Armada Collective.
But towards the end of the year, Black Lotus Labs reported that some of these extortion emails were also signed using the name of Kadyrovtsy, the name of an elite Chechen military group that has also been associated with DDoS gangs and extortionists in the early 2010s.

Both Black Lotus Labs and Radware recommended that companies not pay the ransom as this merely invites more extortions in the future. Instead, companies are advised to request additional protection against any potential attacks from their security providers.