Monero ransom notes are being stuffed inside DDoS attacks

Hackers Are Stuffing Monero Ransom Notes Inside DDoS Attacks

Privacy-centric cryptocurrencies like Monero (XMR) are attractive to cybercriminals, who’ll seemingly do anything to get paid. Following a cryptojacking trend, hackers are now taking down websites with Distributed Denial of Service (DDoS) attacks, while demanding their victims pay a Monero ransom.

According to Fortune, these attacks are being launched against all types of targets. DDoS attacks essentially overload a website with fake traffic, to the point it gets knocked offline. Github recently fended off the biggest one ever recorded, with 1.35 terabytes of data coming in per second.

Cybersecurity company Akamai, which helped Github fend off the bombardment, revealed that recent DDoS attacks are filled with ransom notes. One note the company shared was buried inside the attack’s data, and read “Pay_50_XMR_To…” At press time, 50 XMR equals roughly $18,100.

While its normal for DDoS attacks to come accompanied with Bitcoin ransom notes, these usually aren’t buried inside the attack data. Hackers normally send their extortion notes via email, but these often end up in spam folders. Since the victim has to look at the attack to fend it off, it’ll always notice the ransom note this new way.

Chad Seaman, a senior engineer at Akamai’s security intelligence response team, stated:

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one. When we saw it we were like, huh, clever bastards.”

Senior manager for security intelligence at the company Lisa Beegle further revealed these attacks are novel for the company. She noted that they’ve seen “dozens upon dozens of extortion requests,” but none was in the attack data itself.

Beegle noted that by inserting the ransom note in the attack, the attackers were effectively making sure security analysts could see it. Akamai couldn’t tell whether any organization has paid any XMR ransom yet. The currency’s qualities prevent it from finding out.

Nevertheless, Beegle asserted that paying the ransom is never a good idea. According to her, it doesn’t guarantee the attackers will stop the attack, and if word got out an organization paid, more attackers would target it.

Moreover, Akamai researchers argue attackers could struggle to figure out which victim paid, given Monero’s anonymity. According to them DDoS attacks are never about the money, so a payment isn’t good enough for it stop. A blog post reads:

“If a victim were to deposit the requested amount into the wallet, we doubt the attackers would even know which victim the payment originated from, let alone stop their attacks as a result.”