According to a report in the New York Times, extortionists who threaten tech companies with DDoS attacks unless they pay a bitcoin ransom are on the rise. Some of the most recent high-profile victims include Vimeo, Mailchimp, Shutterstock, Feedly, and Evernote. The Times’ Nicole Perlroth writes that the attackers generally ask for only around $300 worth of cryptocurrency, and one security consultant tells her that sometimes the targeted tech companies pay up.
$300 may not sound like much to a company with millions in venture capital or public stock. But under the whole “We don’t negotiate with terrorists” rationale, giving in to even small demands can put a company in a bad position: attackers learn they can easily take a little bit of cash from it, an amount that could easily rise once they realize they have the upper hand.
Of course, sometimes the refusal to negotiate backfires. Moz’s Chief Technology Officer Anthony Skinner says that after his company refused to pay the extortionists, they upped the price to $2,000. “For them it’s a big game,” Skinner tells the outlet. “For us, it’s a huge waste of time.”
This helps to explain the recent rise in DDoS attacks, which function by sending massive numbers of page requests to a site in order to overload its servers. Often, these attacks are carried out for political reasons by groups like the Syrian Electronic Army. But it’s difficult to imagine what political ethos would be troubled by stock photo sites and note-taking apps like Shutterstock and Evernote. Apparently the goal is much more mundane: cold hard virtual cash.