RDOS is now a thing – and you don't want it!
I regularly speak to groups about cybercrime, or “Internet facilitated crime” for you industry elites that abhor the term cyber. I provide an example scenario where attackers utilize a distributed denial of service (DDOS) attack to target small businesses. I classify it as a crime of extortion and explain how modern cyber-criminals use new technology to commit age-old crimes.
The scenario places a small independent florist at the mercy of a cyber attacker the week before St. Valentine's Day. The floral shop's website is suddenly unreachable right at the most crucial time of the busiest week for a florist. A call to the website designer yields no results. Calls to the website hosting provider add only more frustration from department transfers, language barriers, and offers for higher valued services that add more costs and “may” alleviate the problem.
After the site has been down for about 24 hours the first email arrives. An offer for help. From the devil himself, of course. The email tersely explains the website is under attack and it can stop for a one-time payment of 5 BTC. What is a BTC, the panicked shopkeeper thinks, and how the hell do I get some? The small business has little choice but to pay the ransom or lose even more by having the website offline during the busiest week of the year!
There is no difference between this situation and extortion in the physical world where the bad actor or mafioso gang demands a price to “keep the shop safe” and open for business. Think about the movie scene set in 1920 Brooklyn where the man in the pinstriped suit says to the butcher, “Nice shop you have here. It would be a shame if you had a fire.” “Why would I have a fire?” the confused butcher asks. The gangster then slyly commands, “Things happen, but you won’t, for five bucks a month. I’ll make sure of it.” Of course, the fire protector is also the fire setter if the monthly fee is not paid.
Cyber Threat Actors are making my scenario come true. And we even have a new name for it – RDOS attacks or Ransom Denial of Service attacks. The FBI reports that businesses are receiving emails promising a full DDOS attack on their systems if they do not make a payment in bitcoin. The attackers are demanding between 10 BTC and 20 BTC.
This is more extortion than ransom, as a ransom demand would come after the systems were under attack. The demand for payment to prevent an attack is extortion; the demand for payment to stop the attack is a ransom. An insignificant clarification, but one that should be made.
Bleeping Computer has a full explanation and specifics here.
As always – if you receive such an email – Do Not Pay the Fee! Immediately file a report with the Internet Crime Complaint Center site at https://www.ic3.gov. If your website is actively under DDOS attack, contact your local FBI field office to file a report and receive guidance. You can find the public access phone number for the closest FBI office at https://www.fbi.gov/contact-us/field-offices.