DDoS Extortion Pricing Model
In a recent blog post, Dancho Danchev writes of the changing nature of cyber-extortionists’ business models. Included in the post is a sample DDoS extortion letter that not only demands the recipient pay a monthly fee (or else endure a paralyzing DDoS attack) but also offers a couple “bonuses,” including:
1. 30% discount if you request DDoS attack on your competitors/enemies. Fair market value ddos attacks a simple site is about $ 100 per night, for you it will cost only 70 $ per day.
2. If we turn to your competitors / enemies, to make an attack on your site, then we deny them.
It appears that the recipient of such a letter would have little choice but to submit to the extortionist’s demands—unless of course their confident that their Web site is sufficiently protected from a DDoS attack. But what kinds of legal safeguards can governments enact to protect companies who are vulnerable this type of cyber crime? I appreciate any and all suggestions.