[dubcanada]

On another note, the amount they are asking for seems really reasonable, like how are they making money? A DDoS attack must cost more then like 0.06BTC (like $3500 USD) to run all weekend?

[rgrmrts]

I’d assume they’re not actually paying for these attacks and have access to a large botnet, which would imply no cost (outside of hours spent constructing the attack) to the adversary, right?

[jacobobryant]

They might be renting the botnet.

[bombcar]

A DDoS can be rented for less than $100/mo depending on how much bandwidth you want to flood. Remember, they're compromised machines; you're not paying for egress bandwidth.

[jorgesborges]

Are most machines involved in attacks like this compromised? Are we talking generic consumer desktop machines, like my grandma’s old XP desktop running in her basement?

[IceWreck]

> Are most machines involved in attacks like this compromised?

Yes

> Are we talking generic consumer desktop machines, like my grandma’s old XP desktop running in her basement?

Those combined with hundreds of thousands of compromised VPSes, etc.

[bombcar]

And don’t forget the millions of IoT devices.

[stilley2]

If they're using a botnet of compromised servers then I suspect the marginal cost is negligible.

[harikb]

It could also be seed investment to see who is likely to pay up. ROI comes from second attack.