In 2020, the DDoS threat landscape saw a phenomenal rise in extortion attacks. Security personnel faced an awful dilemma: DDoS attackers demanded a ransom, and organizations that refused suffered the consequences of damaging downtime. DDoS attacks were previously known for causing damaging downtime alone; now something more sinister, demanding ransom from targeted companies, is flooding the DDoS threat landscape.
What is a Ransom Related DDoS Attack?
Commonly known as RDDoS, the crime involves attackers launching DDoS attacks and threatening to shut down the targeted company’s revenue-making channels until the victim agrees to meet ransom demands. Two types of attackers are profiting from DDoS attacks for ransom: extortion gangs and regular DDoS attackers. The extortion gangs have learned that DDoS attacks are quicker to launch than most ransomware attacks and can cause substantial damage to the victim. In the second scenario, regular DDoS attackers, using criminal gang names, are following ransomware group tactics and demanding ransom.
The infamous ransomware groups SunCrypt and RagnarLocker were the first to use DDoS attack tactics to extort a ransom, in October 2020, followed by Avaddon, the group currently DDoSing targets. In August 2020, the FBI announced that DDoS attackers are leveraging the names of well-known ransomware groups such as Fancy Bear, Lazarus Group, and the Armada Collective.
DDoS attackers are asking targeted companies to refer to the 2020 New Zealand Stock Exchange attack, which brought the organization to its knees, as testimony to their damage-causing potential. Attackers send ransom emails followed by an immediate DDoS attack to prove their seriousness. For instance, a leading mitigation company reported that its clients received ransom emails from extortionists who threatened them with crippling DDoS attacks unless they paid between 5 and 10 bitcoins ($150,000 to $300,000).
Observing a series of such incidents, investigation agencies have noted a distinctive feature of DDoS extortion campaigns: authorities confirm that attackers had conducted high-level reconnaissance before sending ransom emails. The criminals knew the exact vulnerability points and warned the targeted companies of maximum destruction if they ignored the threat emails.
Why are Ransom-Related DDoS Attacks (RDDoS) Becoming Popular?
An RDDoS Attack Takes Less Effort than Installing Malware: Installing malware in an enterprise’s IT infrastructure requires expert skills and due diligence, and creating malicious software programmed for data theft is time-consuming. DDoS attacks, by contrast, are quick and easy to launch, with botnets readily available for rent.
Attacks are Launched Using the Most Common Web Applications: Attackers are increasingly abusing a growing number of devices with built-in network protocols to amplify DDoS attacks with limited resources. Disabling built-in features such as ARMS, WS-DD, and CoAP isn’t viable because it means losing business functionality, connectivity and productivity, which makes the problem hard to solve.
Attackers are Motivated by the Surge in Bitcoin: Over the past six months, the price of Bitcoin has been exploding, making it a newfound formula for getting rich quickly. In the wake of surging bitcoin prices, RDDoS attackers are re-prioritizing their demand strategy and returning with massive extortion campaigns. Criminals are threatening companies with serial DDoS attacks unless they pay a ransom in bitcoins.
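For defenders, traffic reflected off the built-in services named above (ARMS, WS-DD, CoAP) has a recognizable shape in flow logs: UDP replies whose source port is the service port, arriving at one destination from many unrelated sources. The following is an added example, not part of the original article; the port numbers are the services' standard UDP ports, and the flow records, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Standard UDP ports of the services named above (assumption: defaults, not from the article).
REFLECTOR_PORTS = {3283: "ARMS", 3702: "WS-DD", 5683: "CoAP"}

# Constructed flow records: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
198.51.100.7,3702,203.0.113.10,41822,udp,480000
198.51.100.9,3702,203.0.113.10,41822,udp,510000
192.0.2.44,5683,203.0.113.10,50112,udp,220000
192.0.2.80,3283,203.0.113.10,50112,udp,90000
192.0.2.81,443,203.0.113.20,51000,tcp,700000
198.51.100.7,3702,203.0.113.30,49000,udp,1200
truncated,record
"""


def find_reflection_targets(flow_text, min_bytes=500_000, min_sources=3):
    """Return {dst_ip: summary} for hosts receiving likely reflected UDP floods."""
    stats = defaultdict(lambda: {"bytes": 0, "sources": set(), "protocols": set()})
    for line in flow_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 6:
            continue  # skip malformed records instead of failing the whole run
        src_ip, src_port, dst_ip, _dst_port, proto, nbytes = fields
        if proto.lower() != "udp" or not (src_port.isdigit() and nbytes.isdigit()):
            continue
        service = REFLECTOR_PORTS.get(int(src_port))
        if service is None:
            continue  # reflected replies leave the reflector from the service port
        entry = stats[dst_ip]
        entry["bytes"] += int(nbytes)
        entry["sources"].add(src_ip)
        entry["protocols"].add(service)
    # Flag a destination only when both volume and source spread cross the thresholds
    return {
        dst: {"bytes": e["bytes"], "sources": len(e["sources"]),
              "protocols": sorted(e["protocols"])}
        for dst, e in stats.items()
        if e["bytes"] >= min_bytes and len(e["sources"]) >= min_sources
    }


if __name__ == "__main__":
    for dst, summary in find_reflection_targets(SAMPLE_FLOWS).items():
        print(dst, summary)
```

Requiring both a byte volume and a minimum number of distinct sources keeps a single legitimate WS-DD or CoAP reply from raising an alert.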
Victims are Advised Not to Pay Ransom
Law officers advise targeted companies not to pay the ransom because it encourages others to join the crime and makes the ransom business more lucrative. Extortion gangs promise to stay away from the targets once they meet the ransom demands; however, there is no guarantee that the criminals will not return for more money. Taking advantage of the bitcoin price rise, DDoS attackers, in one of their ransom emails, continued increasing the ransom amount by ten bitcoins each day until the victim paid the amount. By paying the ransom, companies do not save the business but make themselves more vulnerable to further damage.
The Ideal Solution
Block Vulnerability Points BEFORE an Attack
DDoS attacks succeed because attackers are able to exploit vulnerabilities before security personnel and mitigation solutions can identify and block them. Since many open channels are not detected in real time, vulnerabilities remain unblocked, and DDoS attacks can bypass even the most robust mitigation solutions.
The cyber industry is only now becoming aware that the technology to reduce DDoS surface risks and block DDoS attacks entirely is available. Companies can avoid downtime and protect their networks against DDoS attacks by deploying MazeBolt’s RADAR™ without replacing their existing mitigation solutions. RADAR™ detects DDoS vulnerabilities non-disruptively and continuously and lowers the vulnerability level to 2% and below.
The real-time vulnerability report helps security teams improve their networks’ visibility and manage their vulnerability windows BEFORE a damaging DDoS attack, leaving no opportunities for attackers to exploit them for ransom.