In Christian Sager’s June 2014 article “Why do people perform DDoS attacks“, he does an excellent job in outlining the possible motivations for DDoS attackers. I especially like the DDoS attack map site he references. Here is a snapshot from today’s attacks
Christian covers a range of excellent points behind DDoS attacks, and yes he does address direct monitory extortion in the following excerpt.
Feedly’s claim that their DDoS attack was the result of extortionists isn’t that unbelievable. There have been several cases where a DDoS is followed by a ransom note. Once the site is down, the attackers demand money in exchange for stopping their attacks. Some even make the threat before the attack. In both cases their rate of success is usually low.
A DDoS attack with a ransom note is a bit crude when compared to the much more insidious indirect extortion going in the world of DDoS attacks. One half Million Dollars is the base price for a firewall capable of mitigating a DDoS attack on a 10 gig network (with limited success at that). Vendors are selling thousands of them year. Let me state, I do not have evidence of any link between the sale of a Firewall product to a deliberate DDoS attack, but I wonder why the DDoS attacks are so widespread and cannot help but to speculate. With equipment sales in infrastructure struggling in a flat IT infrastructure economy. The prevalence of wide spread DDoS attacks is picking up.