What kind of DDoS damage does $50 buy?


Fifty dollars can be quite an investment. At the right supermarket, $50 will get you three beer cases, which equals three good weekends. Alternatively, it can get you a copy of Fortnite and a point of Flamin’ Hot Cheetos, which is not a slam about gamers eating Flamin’ Hot Cheetos because everyone eats Flamin’ Hot Cheetos and buying them by the issue is the most economical option.


For those who aren’t in the mood for anything so productive or enjoyable, it turns out that $50 could also do a whole lot of damage in the form of a distributed denial of service (DDoS) attack. For the low price of $50, a person can make a business miserable and cost a lot of money.

DDoS-for-hire services for everyone

In the last couple of years, the source codes of one botnet after the other have been released, and ever since then, a DDoS for hire service has become the Etsy shop of cybercrime: anyone with a modicum of know-how who wants to make a little extra money shilling their junk can have one.

This brings us to a DDoS for-hire service known as Ox Booter. Ox Booter is a relatively new offering in the DDoS-for-hire category. It uses the Bushido botnet, which appears to have been scraped together using the Mirai source code and the Owari botnet.

Security researchers have looked pretty well at the Ox Booter service and Bushido botnet. On the whole, it’s nothing special. A botnet that piggybacks on ready-made code and service overstates its abilities, claiming 500 Gbps when researchers couldn’t get it to top 425. However, this exaggerated piggybacking Ox Booter is enough to inflict significant DDoS damage on a target, all for a pretty low price.

The budget breakdown

So what exactly does $50 get you on the Ox Booter? For fifty dollars, a person can purchase the Gold+ package, which entitles them to 60 minutes worth of DDoS attacks in one month with the ability to launch two attacks simultaneously. Ox Booter users get to choose from a variety of network layer or application layer attacks, so if they know anything about their target – say, that their prey doesn’t have much extra bandwidth to go around or that the target website has a lot of resource-intensive dynamic content – they can somewhat tailor the attack to strike a weakness.

The Gold+ package is a middling one on Ox Booter, with packages starting as low as $20 and going as high as $150. That $20 package – the Bronze package – allows a user to launch 15 minutes worth of DDoS attacks in a month, with the ability to tackle just one at a time. It may be the cheapest offering on Ox Booter’s menu, but 15 minutes of a 425 Gbps attack is more than enough to take down a target site or service if it does not have professional cloud-based DDoS mitigation. That $150 package? Two hours worth of DDoS attacks, with the ability to launch two at a time. Enough juice to make many businesses suffer or do one business, particularly, suffer for a long time.

Regardless of which package a would-be attacker selects, Ox Booter provides 24/7 support. How considerate.

Small investment, big consequences

By now, it’s pretty well known within the business community that a DDoS attack can cost up to $100,000 per hour. Absurd as it may seem, someone with no technological know-how can spend $50 to cost a business $100,000 with a cyberattack. Even more absurdly, with how the justice system struggles to catch up with cybercrime, that person will likely get away with it. Businesses need to be looking at making an investment of their own in the form of professional cloud-based DDoS mitigation to prevent those six-figure cyberattack bills. Not everyone is happy to spend their $50 on Fortnite and Cheetos. Too bad.