A new version of the Fodcha DDoS botnet delivers ransom demands directly within DDoS packets used against victims’ networks, revealed Netlab 360. The latest Fodcha version 4 now uses encryption to establish communication with the C2 server and relies on 42 C2 domains to operate 60,000 active bot nodes daily, generating up to 1Tbps of destructive traffic.