FBI Warning! Businesses Are Threatened with DDoS Attacks Unless Extortion Money Is Paid

If you're running an illegal business that the authorities would like to shut down, you are highly unlikely to call the police or FBI if a cyber attack is affecting your business. And so it is that online operators of "unregulated activities" such as illegal gambling sites are finding themselves to be the victims of extortion campaigns threatening DDoS attacks unless protection payment is made in Bitcoins.

Frequent extortion campaigns of these unregulated businesses have been going on for at least a year, but now the FBI says the campaigns are targeting legitimate businesses operating in the private sector.

In a June 2015 notification published by the Federal Bureau of Investigation Cyber Division, the FBI explains:


In a typical scenario, a short-term DDoS attack is conducted on a victim’s web site lasting for approximately one hour. The DDoS is followed by an e-mail containing an extortion demand for payment via Bitcoin. If the victim has not paid the demanded payment, there is usually a second, more powerful DDoS attack within 24 hours, which lasts for an additional hour. This is followed by a second e-mail warning and extortion demand with an increased price.

The FBI adds that, in most cases, victim companies have successfully mitigated the attack using third party DDoS mitigating services rather than paying the ransom. The agency has published the following technical details of what the targeted businesses have experienced:


  • The first DDoS attack is usually delivered prior to the sending of a ransom demand at 20-40 Gigabytes per second (Gbps) with a duration of approximately one hour.
  • After the initial DDoS attack, an extortion email is sent to the victim introducing the attacker, highlighting the initial demonstrative DDoS attack, and demanding payment in Bitcoin (ranging from 20-40) to ensure no further DDoS attacks are conducted against the business. If payment does not occur within 24 hours, a second demonstrative DDoS is generally conducted at a higher rate (40-50 Gbps) for an additional hour followed by an additional extortion e-mail.
  • The types of DDoS attacks primarily consist of Simple Service Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks with the occasional SYN-flood and, most recently, WordPress XML-RPC reflection/amplification attacks.

Don't let cyber criminals take your business offline!

We encourage all legitimate businesses to be aware of this extortion scheme and to prepare to fend off any and all targeted DDoS attacks so that your business is unaffected by the attacks. Give us a call to learn about your defense options.

If you do experience an extortion attempt and/or a DDoS attack, the FBI would like to hear from you:


The FBI encourages recipients of this notification document to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by e-mail at CyWatch@ic.fbi.gov. When available, each report submitted should include the date, time, location, type of activity, number of people, and type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact.

You May Also Be Interested In: