Bitcoin Extortion Group DD4BC Prompts Warning from Swiss Government

Distributed denial-of-service attacks against organizations in New Zealand appear to be connected to the extortionist group DD4BC.

May 8, 2015 at 8:30 p.m. UTC
Updated Aug 18, 2021 at 3:52 p.m. UTC

Extortionist group DD4BC appears to be connected to a new wave of distributed denial of service (DDoS) attacks against organizations in Switzerland, New Zealand and Australia.

With the new attacks, the group is seeking 25 BTC from affected parties in exchange for halting the flood of inbound data it issues, which renders recipient websites inaccessible.

Most recently, DD4BC was named in an 8th May warning published by the Swiss Governmental Computer Emergency Response Team (GovCERT), a division of MELANI, a national agency focused on cybersecurity issues.

The warning read:

"In the past days MELANI / GovCERT.ch has received several requests regarding a distributed denial of service (DDoS) extortion campaign related to 'DD4BC'."

According to the New Zealand government, the extortion attempts appear to begin with a short DDoS attack to demonstrate the potential impact after the ransom demand has been issued.

DD4BC has been tied to past attacks on digital currency businesses and websites, including extortion attempts against a number of well-known mining pool operators.

Swiss incidents

GovCERT said that it had received reports from "several high profile targets", stating that a number of organizations had been affected as a result of the wave of DDoS attacks.

According to the agency, recent DD4BC activity has been rising, with the new attacks starting at the beginning of May.

The advisory explained:

"While these attacks have targeted foreign organisations in the past months, we have seen an increase of activity of DD4BC in Europe recently. Since earlier this week, the DD4BC Team expanded their operation to Switzerland."

The agency advised those impacted by the attacks not to pay the ransoms, and instead file a police report and contact their Internet service providers for additional mitigation support.

New Zealand connection

News of the New Zealand attacks surfaced earlier this week, when the New Zealand National Cyber Security Centre (NCSC) released a warning about DDoS attacks on local organizations.

The notice said that an investigation is underway, though the agency did not specify the operating name of those behind the attacks. National security advisor for the New Zealand government Daria Brankin declined to comment when reached.

Cybersecurity nonprofit New Zealand Internet Task Force chairman Barry Brailey, however, confirmed the connection between the group and the recent DDoS attacks in that country.

The group issued a notice about the DDoS threats on 7th May.

"Yes [the series of attacks] appears to be linked to the group/moniker 'DD4BC'," Brailey told CoinDesk.

History of attacks

A string of incidents involving DD4BC last year culminated with the creation of a 100 BTC bounty after the group targeted bitcoin exchange and wallet service Bitalo.

This amount swelled to 110 BTC following a contribution by AntPool operator Bitmain during the mining pool attacks.

Other companies impacted by the group in the past year include BitQuick, BitBay, Expresscoin and CoinTelegraph.
