CCN.com, a prominent resource and news outlet for readers looking into bitcoin-, alternative currency-, blockchain-, and fintech-related news, was the target of a DDoS attack earlier this morning.
One of the extortionists, going by the name ‘Jon’, sent an email demanding 2 Bitcoins to reveal ‘fatal security vulnerabilities’ on the website, while threatening to contact our advertisers to let them know the websites are down.
However, all we had to do was amp up our DDoS protection to mitigate the attacks, and we’re back online.
The following is a screenshot of the email received:
Taken from the email, ‘Jon’ said:
Pay us 2 Bitcoins now to: 18RJA5BpFe4CGDFQG59jLNhPqYCRaEFng1
The extortionist added:
[Pay us now] or we will keep attacking your website, we have only used 20% of the machines we have enslaved by our Trojan.
One presumes the machines being referred to are a part of a malicious botnet.
Additional details from the email include:
Received: from mout.gmx.com ([18.104.22.168]): 49517)
for X; Mon, 23 Nov 2015 00:06:42 -0500
Received: from [22.214.171.124] by 3capp-mailcom-lxa08.server.lan (via HTTP);
Mon, 23 Nov 2015 06:06:04 +0100
From: “Peter Evans” firstname.lastname@example.org
5 Bitcoins Bounty
If you can help us identify the extortionists in a way that leads to a successful police report, you will receive five bitcoins, with gratitude.
We would need to know the following:
- ID(s) of the extortionists
- Location (address)
- Similar attacks on other sites/companies
- Other relevant information
Send your material to crypto@CCN.com
DDoS-based Extortion on the Rise
DDoS-based extortion demands seeking Bitcoin have been increasing lately, with CCN.com reporting multiple incidents in recent times. There was the recent case of an actual kidnapping of a Hong Kong billionaire by a criminal gang in Taiwan who demanded HK$70 million (approx. 30,000 BTC at the time). He was rescued. Encrypted email provider ProtonMail recently paid 15 Bitcoins as ransom, albeit grudgingly, in an attempt to stop a series of DDoS attacks. The incident was also speculated to be part of a wider, possibly state-sponsored effort to disrupt the encrypted email provider, the kind of service used by activists, journalists and those embracing privacy and encryption.
While the DDoS attacks led to CCN.com and Hacked being down for a few hours, both websites are back online with increased protection to block the DDoS disruptions.