“DD4BC,” a cybercriminal group that has launched distributed denial of service (DDos) attacks on bitcoin mining companies, exchanges and Hong Kong Banks since mind-2014, have begun to target financial institutions including brokerages, banks and financial organization in Europe, Australia and U.S.
According to Akamai, a Massachusetts based content delivery network, DD4BC has carried out 87 attacks specifically on financial institutions, and have shifted its focus from bitcoin startups to banks and financial organizations over the past few months.
During the last three months, the hacking group has launched 114 attacks in total, which is more than the number of attacks combined since mid-2014 to March 2015.
The DDoS attacks on banks and financial institutions have alerted U.S. law enforcements and government agencies including the FBI and the Financial Industry Regulatory Authority. The security specialists and agencies advice banks and companies to never pay the ransom. Intelligently however, DD4BC have targeted corporate websites of large banks, which could cost them up to US$100,000 to regulate the attacks.
The hacking group hasn’t launched long-term DDoS attacks that could severely affect large banks and organizations just yet. However, DD4BC have been initiating attacks which last for an hour, to show its impact and “seriousness.” Then, the hacking group demanded organizations and companies to pay up to 100 bitcoins or US$25,000 in a given time.
A section of one of the emails sent by DD4BC read,
“All servers of [name] group are going under DDoS attack until you pay 40 Bitcoin. Right now we are running small demonstrative attack on one of your IPs…
We are giving you 24 hours to get it [bitcoin] and pay us. Current price of 1 BTC is about 250 USD, so we are cheap, at the moment. But if you ignore us, price will increase.”
DD4BC has previously gathered the attention of Hong Kong police and law enforcements for targeting two of the largest financial institutions in Hong Kong with distributed denial of service attacks and demanding payments in bitcoin. Cyber Security and Technology Crime Bureau of Hong Kong classified the case as a “blackmail” and conducted several investigations to identify the hackers behind the DDoS attack.
Since then, DD4BC has shifted its focus from bitcoin startups and exchanges to large financial institutions and global banks.