DDoS Attacks Include Ransom Notes Demanding Monero’s XMR

DDoS (Distributed Denial of Service) Attacks

Akamai’s security intelligence unit has reported that recent DDoS (distributed denial of service) attacks have become increasingly sophisticated. In case you don’t know, DDoS attacks are carried out by “hijacking” a number of computer systems and installing malicious Trojans on them. A Trojan (horse) is a computer program that uses deceptive tactics to conceal its purpose. This “purpose” is usually to steal personal information like passwords, access to a user’s bank account, and even take over key functions of their operating system.

Typically, a Trojan accomplishes this purpose by disguising code, which allows them backdoor access to a user’s system, in an email attachment. Once a user clicks and downloads the attachment, the attack begins. After several systems have been “taken over” in this manner, the hackers launch a denial of service attack (D0S) from all the infected systems. The motive of a DoS attack is to prevent targeted users from being able to access certain network resources and various other internet services. This is done by intentionally flooding and overloading the users’ network with “spam-like” requests.

Since this superfluous traffic is targeting a system from multiple sources, sometimes even using hundreds or thousands, it is not possible to prevent the attacks by blocking just one IP address. Moreover, it’s not easy to figure out which traffic is normal, and which is “attack traffic”. That’s because traffic is coming from so many different sources.

Akamai Engineer Says DDoS Are Becoming More Sophisticated

Now, according to Chad Seaman, senior engineer a Akamai Technologies, the already complex DDoS attacks are becoming even more sophisticated. Seaman describes them by stating,

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one. When we saw it we were like, huh, clever bastards.”

What the Akamai engineer is referring to here is an embedded demand in the hacker’s cryptic code, which asks for “50 XMR”, or Monero. At the time of this writing, 50 XMR is approximately worth $17,000 (CoinMarketCap).

Although DDoS attacks have previously included ransom demands, they’ve come through emails, or other similar modes of communication. However, this approach might have been adopted because, as Seaman points out, ransom messages in emails tend to get filtered out by spam blockers. By embedding the ransom note in the DDoS code itself, security analysts checking the affected system will likely come across it.

Monero’s XMR Demanded As Ransom

The reason hackers demand ransom money in Monero’s XMR, instead of more mainstream cryptocurrencies such as Bitcoin, is that its transactions are a lot harder to track down. Even though both BTC and XMR transactions are executed on a public blockchain, where they’re publicly visible, the sender, recipient, and amount transferred is hidden in XMR transactions.

Due to the anonymous nature of Monero transactions, even the hackers might not know if their victims have actually paid them. This could lead to their ransom demands not being met. Therefore, it’s not entirely clear just how the attackers intend to get what they want.

Oftentimes, it becomes confusing to figure out what cyber thieves are up to, or even mysterious. In one particular case reported by Core Media, the CoinDash ICO hacker kept returning stolen ETH. This behavior clearly indicates that the security of online systems needs to be drastically improved.


  1. Pretty easy to get rid of DDOS attacks, since they are carried out by pcs infected with trojans and this pcs are all Windows crap. So getting rid of Windows crap will solve this problems and many others too.

    1. Unfortunately, not many people want to step away from using the Microsoft Windows operating system. Personally, I am beginning to hate it. So, I might switch over to Linux or something.

Comments are closed.