Key members of the DD4BC hacking and extortion group have been identified. One individual was arrested and another was detained, police confirmed on Tuesday.
Europol says that the Metropolitan Police Cyber Crime Unit in the UK identified key members of the group in Bosnia and Herzegovina. Police authorities from Australia, France, Japan, Romania, the USA, Switzerland and INTERPOL supported the coordinated activities.
For the past year and a half, the group has been attacking gambling and financial sites, DDoSing them and asking for Bitcoin to stop their attacks. The sites attacked were located all over the world, from North America to Australia. Europol says the group has grown bold recently, expanding its attacks to the entertainment sector and high-profile companies.
“Businesses that pay the ransom to the blackmailers risk appearing vulnerable and being targeted again for a higher amount,” the law enforcement agency said in its report.
“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage,” said Wil van Gemert, Europol’s Deputy Director of Operations. “Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”
Paul Nicholson, director of product marketing at cyber security firm A10 Networks, commented: “Europol’s apprehension of the extortionists behind the DD4BC group signifies a high-profile win for law enforcement, but this isn’t the last we’ve heard of DDoS attacks for the purpose of ransom. Distributed denial of service attacks are easier to pull off than ever, which is why we are seeing them increasingly used as a means of gaining leverage over businesses that are highly reliant on the Internet.
“For organisations such as banks, financial institutions and even gambling websites, network downtime is equated with an immediate loss of revenue, which can lead them to give in to demands. Fortifying defenses must be these organisations’ top priority.”
Roland Dobbins, Principal Engineer at Arbor Networks, commented: “It's a very positive sign. The serial DDoS extortionist model requires that in order to be successful, threat actors must be prolific, must keep a steady stream of attacks and potential targets in the pipeline, and must communicate interactively with the victims. This arrest shows that the above requirements mean that serial DDoS extortionists run a significant risk of being apprehended.
“Since DDoS monetary extortion has been around for 18 years or more, it isn't going away completely. But we do believe it will make some individuals considering engaging in this type of criminal activity reconsider.
“Organisations which were attacked by DD4BC (and other DDoS extortionists) and which were prepared weren't affected. Preparation is key. Never pay!”