According to a recent Kaspersky Lab report, attackers who demand a ransom in return for not launching a DDoS attack (or for calling off an attack in progress) can earn thousands of dollars in bitcoins, pushing the profitability of such attacks above 95 percent.
“And the fact that the owners of online sites are often willing to pay a ransom without even checking whether the attackers can actually carry out an attack (something that other fraudsters have already picked up on) adds even more fuel to the fire,” the report notes.
DDoS attacks, according to the report, can cost anywhere from $5 for a 300-second attack to $400 for a 24-hour attack.
The average price for an attack is around $25 per hour, while an attack using a cloud-based botnet of 1,000 desktops will cost the providers about $7 an hour — meaning that cybercriminals can make a profit of $18 an hour by providing DDoS as a service.
Prices can vary by target — on one DDoS-as-a-service website, Kaspersky notes, the prices for attacks on unprotected websites range from $50 to $100, while attacks on sites protected with anti-DDoS solutions cost $400 or more.
They can also vary by source — an attack using a botnet of surveillance cameras or other IoT devices will likely be cheaper than an attack using a botnet of servers.
“Cybercriminals are constantly on the lookout for new and cheaper ways of organizing botnets, as well as coming up with ever more ingenious attack scenarios that security solutions will have difficulty dealing with,” Kaspersky Lab security researcher Denis Makrushin said in a statement.
“That’s why, as long as there are vulnerable servers, computers and IoT devices connected to the Internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency,” Makrushin added.
Separately, Kaspersky Lab’s 2016 IT Security Risks study found that 43 percent of businesses that fell victim to a DDoS attack last year believe their competitors were behind the attack, while 38 percent blamed cybercriminals.
Twenty percent of DDoS attack victims blamed foreign governments and secret service organizations, while 21 percent blamed disgruntled former employees.
“It is clear that businesses feel their IT systems and private data are under siege from all sides,” Kirill Ilganaev, head of DDoS protection at Kaspersky Lab, said in a statement. “With DDoS attacks becoming so frequent and so crippling, many suspect their competitors are behind them, as they look for ways to put their rivals out of action and steal their customers as a result.”