FBI Recommends Victims to Pay Hackers Demanding Bitcoin Ransoms
Over the past few months notorious hacking groups have targeted financial institutions, large tech corporations and popular web platforms like Ashley Madison and the Bank of China.
Over the past few months notorious hacking groups have targeted financial institutions, large tech corporations and popular web platforms like Ashley Madison and the Bank of China. The attacks ranged from a series of DDoS attacks to severe data breaches, leading to the loss of sensitive user data.
These hackers often prefer bitcoin as their main medium of payment, due to its peer to peer decentralized ledger, which enables instantaneous transactions and asset settlement.
With the use of various scramblers and dark wallets, hackers can easily produced hundreds of addresses, and distribute the funds anonymously, requiring months of intense investigation to actually derive the origin of the transactor.
In early 2015, the infamous DD4BC started targeting financial institutions with long-term DDoS attacks, disabling corporate websites, banking systems and databases for as long as 48 hours, costing banks around US$100,000 per hour to deal with the bandwidth consumed by a DDoS attack.
Stuart Scholly, Senior Vice President & General Manager, Security Division at Akamai stated that "DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks."
Akamai is known for helping enterprises provide secure, high-performing user experiences. The company recently released a case study about distributed denial of service (DDoS) attacks from the extortionist group DD4BC.
"The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publically."
- Stuart Scholly, Akamai
Over time, anonymous hacking groups switched over to consumer-based web platforms like Ashley Madison, a Canada-based online dating service to target individual users with bitcoin-based ransoms.
Hackers quickly took over 90% of the servers of Ashley Madison, seizing millions of user accounts and sensitive financial details. Some groups even managed to obtain credit card and bank account details with personal details like addresses, phone number, email addresses and social security numbers, threatening Ashley Madison users to publicize the information on the internet.
"Unfortunately your data was leaked in the recent hacking of Ashley Madison and I know have your information. I have also used your user profile to find your Facebook page, using this I can now message all of your friends and family members.”
— – DD4BC
However, local authorities including New Zealand’s government agency NetSafe advised users not to send any bitcoins to these hackers, as there is no guarantee that the information will not be posted online after they receive the payments.
"It’s a public data set, so there’s absolutely no guarantee that paying will decrease the possibility of the information being made public. In fact, paying the ransom is likely to make you more of a target and just receive more and more requests for money,” announced NetSafe Executive Director Martin Cocker.
Last week, the FBI recommended that all victims of these hacking threats and data breaches pay the hackers. “The ransomware is that good,” FBI Assistant Special Agent Joseph Bonavolonta explained to an audience of business and technology leaders during the Q&A at the 2015 Cyber Security Summit.
“We often advise people just to pay the ransom.”
— – Joseph Bonavolonta, FBI Assistant Special Agent
“The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom,” Bonavolonta added.
According to a study released by Threat Hack on March 31, 2015, 30% of organizations surveyed said that they would negotiate with cyber criminals for the recovery of infected or stolen data.
“But these incidents might be more common than any news reports or official figures will tell us, because companies are less likely to report these incidents — not to the public, and not to law enforcement,” said Stuart Itkin, senior vice president of ThreatTrack.
Brave New Coin reaches 500,000+ engaged crypto enthusiasts a month through our website, podcast, newsletters, and YouTube. Get your brand in front of key decision-makers and early adopters. Don’t wait – Secure your spot and drive real impact in Q4. Find out more today!