According to the Police and Border Guard Board, at least two Estonian companies have become victims of the latest cyber-attack, in which they also received an email demanding Bitcoins. The cyber-criminals threatened in the emails that should they not received Bitcoins, more serious attacks will follow.
In both cases, the denial-of-service (DoS) attack was first committed against the official web pages of the respective companies. The businessmen then got an email which specified the account and deadline for transferring the Bitcoins – to avoid a more deadly ambush. According to police representative, the cyber-attack lasted for about an hour. However, the attackers have not carried through their threats, despite the entrepreneurs not giving in to Bitcoin demands. The police have started a criminal investigation.
Took a year for Estonian criminals to try out the business plan.
Its not yet known who is behind the attack and extortion. Similar cases in Estonia have not been seen before, but the rest of the world is familiar and law enforcement agencies in various countries cooperate to apprehend the criminals. The extortion letters are sent by organized criminals who call themselves “DD4BC”.
Searching by “DD4BC” shows that in the last months several organizations in various countries have received Bitcoin extortion letters from group calling themselves DD4BC. However, these might as well be Estonian criminals going under DD4BC handle.
I’m not sure if this incident is a good indication of when Estonian criminals started getting into this kind of racketeering. The ERR article does not say anything about the criminals being Estonian, so for all we know, it could be that it took a year for foreign extortionists to discover Estonian businesses as potential targets. Likewise, for all we know, Estonian criminals could be attacking foreign companies for quite some time already.