Photo

Tech start-ups continue to get hit by extortion attempts from cybercriminals who aim to shut down their systems until companies pay their ransom.

For several months, the Federal Bureau of Investigation has been investigating a wave of so-called denial-of-service, or DDoS attacks, against web start-ups. In each case, attackers knock their victims offline using a flood of traffic and refuse to stop until victims pay their ransom in Bitcoins.

Among the businesses targeted in the initial wave of attacks were Vimeo, the video-sharing company; Meetup, a company that connects groups offline; Basecamp, a project management software company; Bit.ly, the link-shortening service; Shutterstock, the stock photography agency, and MailChimp, the email marketing provider. In nearly every case, the amount demanded was typically low, in the $300 range. And in some cases, one security consultant said, the victims paid the ransom.

Among the companies targeted in just the last month have been Feedly, a service that aggregates web content; Evernote, the productivity service; and Moz, which makes marketing analytics software. On Thursday, Move, a San Jose, Calif. start-up that provides online real estate services, was added to the list.

At Moz, Anthony Skinner, the company’s chief technology officer, said in an interview that initially the hacker — or a group of hackers who use the same email address — asked for $200 to stop attacks on their system. When the company refused to pay, Mr. Skinner said, the ransom demand increased to $2,000. Moz has since signed up with services like CloudFlare, a company that helps mitigate DDoS attacks by spreading traffic among systems around the world, but Mr. Skinner said the attacker has found new ways to attack their systems.

“If we move one way, they come after us a different way,” Mr. Skinner said. “It’s a game of cat-and-mouse at this point.”

Mr. Skinner said the attackers (or attacker) have covered their tracks using anonymity software and flooding companies from thousands of different IP addresses in the United States. Those addresses are likely to be bots, or computers infected with malware that allow the hackers to apply them to an attack.

Moz is working with other affected companies, including Feedly, but said that because each company has different infrastructure, and because the attack methods differ, sharing information about the extortion attacks only provides so much help.

“We’re all getting hit differently and so banding together can only do so much, beyond commiserating with your friends,” Mr. Skinner said.

He said the attacks have been frustrating not just for Moz and its employees, but for the company’s customers, who don’t understand why their systems are being impacted.

On Thursday, Move, the online real estate company, was the latest company to fall victim. The company said the attack, which began Tuesday, was still going on Thursday and had made realtor.com, the official website of the National Association of Realtors, and other Move web services inaccessible. In a statement, Move said its network service providers were trying to resolve its shutdown and working closely with law enforcement to track down the attackers.

The F.B.I. is looking into the attacks, according to two people close to the inquiry who would speak only on condition of anonymity because they were not authorized to speak publicly about a continuing investigation. They said the agency was operating under the assumption that the attacks were the work of the same culprit, or group of culprits. Jennifer Shearer, a spokeswoman for the F.B.I., declined to comment.

DDoS attacks in general are on the rise, according to Arbor Networks, a security firm in Burlington, Mass., after a “hockey stick” growth trajectory. But last year, the frequency of such attacks jumped eightfold from the previous year, and the size of the attacks eclipsed previous peaks by over 200 percent, according to a report by the firm.

And while no numbers have been published on the uptick in extortion attacks, security firms that mitigate DDoS attacks say that their business is more than doubling, in part because of the extortion attempts. At CloudFlare, for instance, Matthew Prince, the company’s chief executive, said CloudFlare had increased revenue 450 percent last year because of greater interest in its service.

Tech start-ups are a ripe target because they often lack the sophisticated security architecture of a larger company, and because they depend on around-the-clock Internet access for their livelihood. That is the reason some say an alarming number of start-ups have paid the ransom, in hopes it would just go away.

At Moz, Mr. Skinner said the attacker continues to demand $2,000 to stop the flood of attacks, but Moz refuses to pay. “This is a sad case of a sad person,” Mr. Skinner said. “For them it’s a big game. For us, it’s a huge waste of time.”