
Law Enforcement Cracks Down on DD4BC Group

Europol announced on Tuesday that a couple of individuals suspected of being tied to the DD4BC cybercriminal group have been identified as part of an international law enforcement operation.

DD4BC (DDoS “4” Bitcoin) has been launching DDoS attacks against organizations from around the world, demanding Bitcoin payments to stop their attacks. Since mid-2014, the group has targeted hundreds of online gambling, financial services, entertainment and other types of companies in North America, Europe, Asia and Australia.

In mid-December, law enforcement agencies from Austria, Germany, Bosnia and Herzegovina, and the United Kingdom, coordinated by Europol, launched Operation Pleiades in an effort to disrupt the DD4BC group. The operation was also supported by Interpol and police from Australia, Japan, Romania, France, Switzerland and the United States.

According to Europol, the Metropolitan Police Cyber Crime Unit in the UK identified key members of the cybercrime group in Bosnia and Herzegovina. One individual, suspected of being a key member of DD4BC, has been arrested, and another suspect was detained. Police searched multiple locations and seized evidence.

“Law enforcement and its partners have to act now to ensure that the cyberspace affecting nearly every part of our daily life is secure against new threats posed by malicious groups. These groups employ aggressive measures to silence the victims with the threat of public exposure and reputation damage,” said Wil van Gemert, Europol’s Deputy Director of Operations. “Without enhanced reporting mechanisms law enforcement is missing vital means to protect companies and users from recurring cyber-attacks. Police actions such as Operation Pleiades highlight the importance of incident reporting and information sharing between law enforcement agencies and the targets of DDoS and extortion attacks.”

A report released by Akamai in September 2015 on the activities of DD4BC revealed that the company had observed 141 attacks launched by the extortionists between September 2014 and August 2015. Experts pointed out at the time that the largest DDoS attack they had seen peaked at 56 Gbps, nowhere near the 400-500 Gbps the group threatened its victims with.

Recorded Future reported in December that DD4BC and another notorious DDoS blackmail group dubbed “Armada Collective” had inspired copycats.

Heimdal Security has monitored the activities of DD4BC and has not observed any escalation in DDoS attacks from the group recently.

“While our recent threat activity shows no escalation in DDoS attacks from the DD4BC group, knowing and dismantling cyber criminal infrastructure is key to law enforcement success,” Morten Kjaersgaard, CEO of Heimdal Security, told SecurityWeek. “DDoS attacks have been increasingly frequent in the past 6 months, so the Europol and police task forces across Europe are sending a strong signal that such attacks won’t be left without consequences, especially since DD4BC is a primary driver for some of the more prominent attacks.”

Akamai said DD4BC activity decreased considerably in August 2015 from their perspective.

“The overall activity of DD4BC from our perspective dramatically decreased in August of 2015 and we were no longer validating DDoS campaigns against our customer base as of September the same year. Since then, we have been tracking several ‘copycat’ actor groups which use similar tactics, where they threaten the victim with emails warning of an impending DDoS against their website unless a ransom is paid in bitcoins. Of the groups, ‘Armada Collective’ seems to be the one most active,” David Fernandez, manager of the Akamai SIRT and Editor in Chief of the State of the Internet Security Report, said via email.

*Updated with statement from Akamai

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
