Hackers Are Stuffing Monero Ransom Notes Inside DDoS Attacks

Hackers Are Stuffing Monero Ransom Notes Inside DDoS Attacks

Privacy-centric cryptocurrencies like Monero (XMR) are attractive to cybercriminals, who’ll seemingly do anything to get paid. Following a cryptojacking trend, hackers are now taking down websites with Distributed Denial of Service (DDoS) attacks, while demanding their victims pay a Monero ransom.

According to Fortune, these attacks are being launched against all types of targets. DDoS attacks essentially overload a website with fake traffic, to the point it gets knocked offline. Github recently fended off the biggest one ever recorded, with 1.35 terabytes of data coming in per second.

Cybersecurity company Akamai, which helped Github fend off the bombardment, revealed that recent DDoS attacks are filled with ransom notes. One note the company shared was buried inside the attack’s data, and read “Pay_50_XMR_To…” At press time, 50 XMR equals roughly $18,100.

While its normal for DDoS attacks to come accompanied with Bitcoin ransom notes, these usually aren’t buried inside the attack data. Hackers normally send their extortion notes via email, but these often end up in spam folders. Since the victim has to look at the attack to fend it off, it’ll always notice the ransom note this new way.

Chad Seaman, a senior engineer at Akamai’s security intelligence response team, stated:

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one. When we saw it we were like, huh, clever bastards.”

Senior manager for security intelligence at the company Lisa Beegle further revealed these attacks are novel for the company. She noted that they’ve seen “dozens upon dozens of extortion requests,” but none was in the attack data itself.

Beegle noted that by inserting the ransom note in the attack, the attackers were effectively making sure security analysts could see it. Akamai couldn’t tell whether any organization has paid any XMR ransom yet. The currency’s qualities prevent it from finding out.

Nevertheless, Beegle asserted that paying the ransom is never a good idea. According to her, it doesn’t guarantee the attackers will stop the attack, and if word got out an organization paid, more attackers would target it.

Moreover, Akamai researchers argue attackers could struggle to figure out which victim paid, given Monero’s anonymity. According to them DDoS attacks are never about the money, so a payment isn’t good enough for it stop. A blog post reads:

“If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result.”

05.03.2018 / 11:06 101
Bitcoin Cash Gaining Acceptance in Ransomware Community Bitcoin Cash Gaining Acceptance in
Bitcoin Cash has started to gain more acceptance – at least, in the field of ransomware. Fork Over Your Bitcoin… Cash Security researcher
Monero Surges As ‘MoneroV’ Hard Fork Approaches – But Buyers Beware! Monero Surges As ‘MoneroV’ Hard Fork
Monero is riding high this week as the hype surrounding the soon-to-be forked MoneroV swells – but will it last? When Moonero? In only the span of
How Hacked Widgets Help Criminals Mine Monero How Hacked Widgets Help Criminals Mine
Covert cryptocurrency mining is shaping up to be the new mainstay of cybercrime. Crooks hack servers, personal computers, and mobile devices and take
US Regional Banks Begin to Cite Crypto as Business Risk US Regional Banks Begin to Cite Crypto
It's not just America's biggest banks that are worried about cryptocurrency competition, public filings show. WesBanco, according to the latest 10-K
Will Lightning Help or Hurt Bitcoin Privacy? Will Lightning Help or Hurt Bitcoin
Faster, cheaper bitcoin transactions? Check. But at what cost? For bitcoin users, many of whom were drawn to cryptocurrency for its promise of
First Bitcoin Cash Ransomware Makes It Impossible to Decrypt Files First Bitcoin Cash Ransomware Makes It
Ransomware extortionists have seemingly started using Bitcoin Cash (BCH) for ransom payments as well, according to a report published by Bleeping
Comments (0)
Add a comment
Comment on