Protect Your Network from Ransom Related DDoS Attacks

Ransom DDoS Attacks

In 2020, the DDoS threat landscape saw a phenomenal rise in extortion attacks. Security personnel faced an awful dilemma when DDoS attackers demanded ransom, and if denied, organizations suffered the consequences of damaging downtime. DDoS attacks earlier were notoriously recognized to cause damaging downtime alone; however, something sinister as demanding ransom from targeted companies is flooding the current DDoS threat landscape.


What is a Ransom-Related DDoS Attack?

Commonly known as the RDDoS, the crime involves attackers launching DDoS attacks and threatening to shut down the targeted company’s revenue-making channels until the victim agrees to meet ransom demands. Two types of attackers are profiting from DDoS attacks for ransom: the extortion gangs and the regular DDoS attackers. The extortion gangs have learned that DDoS attacks are quicker to launch than most ransomware attacks, and they can use DDoS attacks to cause substantial damage to the victim. In a second scenario, regular DDoS attackers, using criminal gang names, are following ransomware group tactics and demanding ransom.

The infamous ransomware groups – SunCrypt and RagnarLocker were first to use DDoS attack tactics to extort a ransom in October 2020, followed by Avaddon, the group currently DDoSing targets. In August 2020, the FBI announced that DDoS attackers are leveraging the names of well-known ransomware groups such as Fancy Bear, Lazarus Group, and the Armada Collective.

DDoS attackers are nefariously asking targeted companies to refer to the 2020 New Zealand Stock Exchange Attack that brought the organization to its knees as a testimony to their damage-causing potential. Attackers are wise to send ransom emails followed by immediate DDoS attacks to prove their seriousness. For instance, a leading mitigation company reported that their clients received ransom emails from extortionists who threatened them with crippling DDoS attacks unless they paid between 5 and 10 bitcoins ($150,000 to $300,000).

Observing a series of such incidents, investigation agencies have noted a distinctive peculiarity of DDoS extortion campaigns; authorities confirm attackers had conducted a high-level reconnaissance before sending ransom emails. The criminals knew of the exact vulnerability points and warned the targeted companies of maximum destruction if they dumped the threat emails.

Why are Ransom-Related DDoS Attacks (RDDoS) Becoming Popular?

  • RDDoS Attack is a Low-Effort than Installing Malware

     Installing malware in an enterprise’s IT infrastructure requires expert skills and due diligence, and creating malicious software programmed for data theft is time-consuming. However, DDoS attacks are quick and easy to launch, with botnets readily available for rent.

  • Attacks are Launched Using the Most Common Web Applications

    Attackers are increasingly abusing a growing number of devices with built-in network protocols to amplify DDoS attacks with limited resources. Disabling built-in features, such as ARMS, WS-DD, and CoAP isn’t viable because it corresponds to the loss of business functionality, connectivity, and productivity, making problem-solving a challenge.

  • Attackers are Motivated by the Surge in Bitcoins

     Over the past six months, the price of Bitcoin has been exploding, making it a newfound formula for getting rich quickly. In the wake of bitcoin prices surging, RDDoS attackers are re-prioritizing their demand strategy and returning with massive extortion campaigns. Criminals are threatening companies with serial DDoS attacks unless they pay bitcoins for ransom.

Victims are Advised Not to Pay Ransom

Law officers advise targeted companies not to pay the ransom because it encourages others to join the crime, making the ransom-paying businesses more lucrative. Extortion gangs promise to stay away from the targets once they meet the ransom demands; however, there is no guarantee that criminals will not return for more money. Taking advantage of the bitcoin price rise, DDoS attackers, in one of their ransom emails, continued increasing the ransom amount by ten bitcoins each day until the victim paid the amount. By paying the ransom, companies do not save the business but make themselves more vulnerable to further damage.

The Ideal Solution:

Block Vulnerability Points BEFORE an Attack

  • DDoS attacks are successful because attackers are able to exploit vulnerabilities before security personnel and mitigation solutions can identify and block them. Since many open channels are not detected in real-time, vulnerabilities remain unblocked, and DDoS attacks can bypass the most robust mitigation solutions.
  • The cyber industry is only now aware that the technology to reduce DDoS surface risks and block DDoS attacks entirely is now available. Companies can avoid downtime and protect their networks against DDoS attacks by deploying MazeBolt’s RADAR™ without replacing their existing mitigation solutions. RADAR™ detects DDoS vulnerabilities non-disruptively and continuously and lowers the vulnerability level to 2% and below.
  • The real-time vulnerability report helps security teams improve their networks’ visibility and manage their vulnerability windows BEFORE a damaging DDoS attack, therefore, leaving no opportunities for attackers to exploit them for ransom.

Click here to learn more about RADAR™

About MazeBolt

Israel-based MazeBolt is an innovation leader in cybersecurity with over two decades of experience in pioneering DDoS protection solutions. The company’s new flagship product, RADAR™, is a patented, new technology. It offers DDoS protection through automated DDoS simulations on live production with zero downtime. Working in conjunction with any mitigation solution installed. Its unique capabilities have ensured business continuity and full DDoS security posture for enterprises worldwide, including Fortune 1000 & NASDAQ-listed companies.

 

 

Stay Updated.
Get our Newsletter*

Recent posts

How to Eliminate the Risk of DDoS Attacks

Learn how to reduce the risk of DDoS attacks in this insightful interview with Alon Yaffe, Lead Solutions Architect at MazeBolt. Discover the vulnerabilities in current DDoS defenses and why proactive, continuous protection is essential for Israel’s critical infrastructure.

Read More

Stay Updated - Get Our Newsletter

Stay Updated - Get Our Newsletter