Popular VPN service fights back against DDoS ransom demand - expert comment
April 2016 by Alex Cruz Farmer, VP of cloud at NSFOCUS IB
Earlier this week, the VPN service Cloak received an unsettling email which stated that, if they didn’t pay 10 bitcoin ($4,400) in the next week, the service would be hit by a DDoS attack large enough to bring down the entire service. The fallout from that downtime would easily cost more than $4,400, so the criminals offered an early pay-off as an easy way to avoid all that damage.
But today — a full five days before the ransom demand came due — the company struck back, going public with the demand and promising to withstand any attack criminals attempted. "We apologize for any disruption as a result of these attacks; please know that we will do everything in our power to thwart them," the company wrote in a blog post today. "But let us reiterate: no matter what happens, we simply will not pay these garden-variety thugs."
Commenting on this, Alex Cruz Farmer, VP of cloud at NSFOCUS IB, said: “Ransoms are becoming a recurring method for cyber terrorists to extort money from hard-working, small and even some larger businesses around the world. That said, with cost-effective solutions to DDoS mitigation now available on the market, their ransom demands are becoming less and less valuable, albeit more frequent. I had a conversation recently, and I asked the following question - from their perspective, how quickly could they build up a botnet capable of delivering a 10-20Gb/sec payload? They gave me an answer of a week, and their only cost? Time.”