Essential Insights
- A 22-year-old Oregon man, Ethan Foltz, is charged with running RapperBot, a global DDoS-for-hire botnet used in attacks across 80+ countries since 2021.
- RapperBot infects devices like DVRs and routers using brute-force attacks, then commands them to launch large-scale DDoS and cryptojacking campaigns, with some attacks exceeding 6 Tbps.
- The botnet facilitated over 370,000 attacks on 18,000 victims, employing 65,000 to 95,000 compromised devices, and was monetized through paid access and ransom extortion.
- Foltz was linked to the botnet through IP traces and his searches for "RapperBot"; law enforcement seized control of its infrastructure in August 2025 as part of Operation PowerOFF.
What’s the Problem?
A 22-year-old man from Eugene, Oregon, named Ethan Foltz has been charged with creating and operating RapperBot, a malicious network (botnet) used to launch large Distributed Denial-of-Service (DDoS) attacks. Since at least 2021, RapperBot has targeted victims in more than 80 countries. It infects tens of thousands of devices such as routers and DVRs through brute-force login attempts, then instructs those devices to flood a target's servers with malicious traffic, in some cases exceeding 6 terabits per second. The resulting outages were in some cases accompanied by ransom-style extortion threats. Law enforcement tracked the botnet back to Foltz through IP addresses linked to his online accounts and through extensive Google searches about RapperBot, and seized control of the network and its infrastructure earlier this month. The investigation revealed that the botnet was monetized by selling access to it and that its use was extended into cryptojacking. The arrest is part of 'Operation PowerOFF', a global initiative to dismantle illegal DDoS-for-hire services and curb the threat posed by such malware operations.
Risks Involved
DDoS-for-hire botnets like RapperBot illustrate the escalating threat to global digital infrastructure: they can launch attacks that overload servers with traffic exceeding 6 terabits per second, disrupting services in more than 80 countries. These networks, often built from tens of thousands of infected devices ranging from routers to DVRs, are assembled through brute-force attacks on protocols such as SSH and Telnet, and are then monetized through ransom extortion and cryptojacking, which amplifies both their financial and their operational impact. The case of Ethan Foltz, whose RapperBot operation carried out over 370,000 attacks affecting thousands of victims worldwide, shows the scale at which a single criminal enterprise can facilitate disruptive cybercrime. Such botnets endanger critical infrastructure and highlight the need for stronger cybersecurity defenses and international cooperation to dismantle them before they cause greater harm.
Possible Remediation Steps
In the rapidly evolving landscape of cyber threats, swift and effective remediation is crucial to minimize damage, protect sensitive data, and maintain trust in digital systems. Addressing the sophisticated operations of a large-scale botnet like RapperBot requires immediate action to thwart ongoing attacks and prevent future incidents.
Containment Measures
Implement network segmentation to isolate infected systems and prevent the spread of malicious activity.
Malware Removal
Deploy advanced antivirus and anti-malware tools to identify and eradicate malicious code from affected devices.
Traffic Filtering
Use firewalls, IP reputation databases, and DDoS mitigation services to filter malicious traffic and block command-and-control servers.
Vendor Coordination
Work closely with internet service providers and cybersecurity firms to trace the source and dismantle the botnet infrastructure.
Legal Action
Coordinate with law enforcement for proper investigative procedures and potential prosecution.
System Patching
Update all software and firmware to patch vulnerabilities exploited by the botnet.
User Education
Inform users about phishing tactics and security best practices to prevent initial infection and further compromise.
Monitoring & Review
Continuously monitor network activity to detect anomalies and review security protocols to strengthen defenses against future assaults.
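Added example, not from the article or the RapperBot investigation: a small Python detector that applies the Monitoring & Review step to the infection vector described above (brute-force logins against SSH), scanning sshd-style auth-log lines for a burst of failed password attempts from one source, the distinct usernames tried, and whether a successful login followed the burst. The log lines, hostname and IP addresses are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (sample data, not real telemetry):
# one source cycling default credentials, then one legitimate user.
SAMPLE_LOG = """\
Aug 12 03:14:01 dvr01 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Aug 12 03:14:02 dvr01 sshd[1203]: Failed password for admin from 203.0.113.7 port 51240 ssh2
Aug 12 03:14:02 dvr01 sshd[1205]: Failed password for invalid user support from 203.0.113.7 port 51241 ssh2
Aug 12 03:14:03 dvr01 sshd[1207]: Failed password for root from 203.0.113.7 port 51250 ssh2
Aug 12 03:14:04 dvr01 sshd[1209]: Failed password for admin from 203.0.113.7 port 51252 ssh2
Aug 12 03:14:05 dvr01 sshd[1211]: Accepted password for root from 203.0.113.7 port 51260 ssh2
Aug 12 03:20:10 dvr01 sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
"""
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_auth_log(text, year=2025):
    """Yield (timestamp, result, user, ip) per sshd password-auth line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Flag source IPs with >= threshold failures inside one window; record the
    distinct usernames tried and whether a success followed the burst."""
    failures, users, successes = defaultdict(list), defaultdict(set), defaultdict(list)
    for ts, result, user, ip in parse_auth_log(text):
        if result == "Failed":
            failures[ip].append(ts)
            users[ip].add(user)
        else:
            successes[ip].append(ts)
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:  # sliding window of failures
                burst_end = times[i + threshold - 1]
                alerts[ip] = {"failures": len(times), "usernames": sorted(users[ip]),
                              "success_after_burst": any(t >= burst_end for t in successes[ip])}
                break
    return alerts
```

A source that appears in the result with "success_after_burst" set is the case worth paging on, since it means the credential-guessing phase apparently ended in a login on the device.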