A number of large UK corporations and institutions, such as Lloyds Bank and BAE systems, have reported a “marked increase” in Distributed Denial of Service (DDoS) attacks from the Bitcoin extortionist group DD4BC, which has been operational since last year. The increased aggressions appears concurrent with reports from other organisations. A cybersecurity case study released by Akamai identified 114 DD4BC attacks against the company’s customers since April 2015, with 41 cases taking place in June alone. In comparison, there were only 5 attacks in January and February 2015.
"The latest attacks—focused primarily on the financial service industry—involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly,” said Akamai Security Division executive Stuart Scholly in a press release.
58% of DD4BC's targets are financial institutions, according to Akamai. The group begins with ransom emails that state their demands, which vary anywhere between 1 and 100 bitcoins (about £160 to £16,000), a deadline for compliance, and warning of a “small, demonstrative attack.” Should the victim prove uncooperative, the figure is raised and a more forceful show of force is made. This technique is particularly effective against financial institutions as DD4BC threatens to publicise their attacks, negating the institution's reputation and trustworthiness.