New DDoS Attack Delivers an Extra Payload: A Cryptocurrency Ransom Note

There are two sides to every coin. While cryptocurrencies are changing lives for the better, cyberpunks are also using these revolutionary technologies to carry out inventive cyberattacks.

Heartless Hackers

The distributed-denial-of-service (DDoS) attack is quite annoying and at the same time heartbreaking. While there have been countless cases of cyberattacks to date, one of the most notable DDoS attacks remains the WannaCry ransomware which held over 200,000 computers in the world hostage back in 2017 and demanded bitcoin payments.

Now, hackers have even upgraded the severity level of their mischievous acts by combining DDoS attacks with cryptocurrency in more inventive ways.

GitHub, a popular web-based hosting service that focuses on code sharing, was the target of a particular type of DDoS attack, dubbed the memcached attack, on February 28, 2018. If not for the timely intervention and expertise of the Akamai team who helped fend off the attack, GitHub users would have been quite heartbroken by now.

An excerpt from the incident report read:

“On Wednesday, February 28, 2018, GitHub.com was unavailable from 17:21 to 17:26 UTC and intermittently unavailable from 17:26 to 17:30 UTC due to a distributed denial-of-service (DDoS) attack. We understand how much you rely on GitHub and we know the availability of our service is of critical importance to our users. To note, at no point was the confidentiality or integrity of your data at risk.”

Clever in a Bad Way

According to cybersecurity researchers at Akamai, a Content Delivery Network (CDN) based in Massachusetts, U.S., hackers have designed a brand new method of carrying out DDoS attacks. Buried under the traffic deluge aimed at grinding a victim’s web traffic to a standstill are ransom notes.

The beginning of the embedded ransom note read, “Pay_50_XMR_To_456786Lg[…]” and proceeded to provided a monero (XMR) address.

Shedding more light on their findings, senior engineer at the firm’s intelligence security team, Chad Seaman, noted that:

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one. When we saw it, we were like, huh, clever bastards.”

Lisa Beegle, a senior manager for security intelligence at Akamai, added, “This is a first for us. We’ve seen dozens upon dozens of extortion requests, but never in the payload itself, so to speak.” As a DDoS attack tries to knock an organization’s website offline, security researchers will examine the incoming packets and find the ransom note embedded within.

Never Pay the Ransom

The security experts have said that it is almost impossible to find out whether any company has actually paid the cryptocurrency ransom because the attackers always request to be paid in monero, which is a more fungible than bitcoin. It is not possible to look up the address provided in the ransom note on a block explorer or track the origin or destination of funds as you would with bitcoin.

Beegle also stated that it’s never a good idea for companies or victims of these attacks to cave to the crackers’ demands as such actions does not guarantee users gaining access to their computers and it will further motivate the criminals to wreak more havoc.

“If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result. Even if they could identify who’d sent the payment, we doubt they’d cease attacking their victim as it was never really about the money anyways,” the Akamai researchers wrote on their company blog.

If a code repository like GitHub could be attacked, it sure means no one is truly safe from these attacks. But even at that, try as much as possible to protect your computers with the best software available and if the worst still happens, do not ever pay the ransom!

Source: Read Full Article