Members of Cybercriminal Group DD4BC Detected in Bosnia and Herzegovina, Says Europol

Europol has confirmed a global operation against the cybercriminal group DD4BC (Distributed Denial of Service – DDoS – for Bitcoin) by official statement. The action unites efforts of law enforcement officials from Austria, Bosnia and Herzegovina, Germany, the United Kingdom and Europol. Besides police authorities from Australia, France, Japan, Romania, the US, Switzerland and Interpol joined the coordinated operation.

Europol informs that on December 15-16 several raids have been carried out bearing the name of Operation Pleiades. As a result two members of DD4BC have been detected and seized evidence was inspected with mobile labs.

“The DD4BC group is exploiting the increasing popularity of pseudonymous payment mechanisms and has been responsible for several Bitcoin extortion campaigns since mid-2014. DD4BC primarily targeted the online gambling industry, but has recently broadened their activity to the financial services and entertainment sector as well as other high-profile companies. Businesses that pay the ransom to the blackmailers risk appearing vulnerable and being targeted again for a higher amount,” Europol’s statement said.

DD4BC, or DDoS 4 Bitcoin, firstly appeared in July 2014. Since that time the group has managed to conduct multiple usage of DDoS related extortion schemes against targets in the public sector, including banks, publishers, and financial institutions. It is also accused of extortion attempts made towards people who found their email address published as part of the Ashley Madison hack. Thus DD4BC abused distributed denial of service (DDoS) attacks and extorted money from organizations.

“Distributed Denial of Service (DDoS) attacks remain a considerable threat in the European Union and beyond. This type of extortion attack has become a well-established criminal enterprise and has affected thousands of victims globally, with the number of unreported incidents believed to be much higher. The absence of reporting by private companies and individuals poses particular difficulties in law enforcement’s efforts to prosecute these cyber threats”, explains Europol.

Wil van Gemert, Europol’s Deputy Director Operations, said in conclusion of the statement: “Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage. Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”