DDoS attacks are becoming more persistent and sophisticated every year, and DDoS attacks aimed at extortion have reached a new high. We’ve seen new tactics where cybercriminals launch DDoS attacks to demonstrate their potential and demand money to stop the attack.
While DDoS extortion, commonly known as ransomware DDoS or RDDoS attacks, is not a recent development, the mainstreaming of cryptocurrencies such as Bitcoin and Ethereum has contributed to the recent spike in ransomware DDoS attacks. A recent study by WTW and Clyde & Co shows that the directors of global companies are increasingly concerned about cyber extortion.
This shows that the threat of DDoS extortion should not be downplayed; you should be ready for such attacks with the best DDoS mitigation solutions.
DDoS is Supercharging Cyber Extortion
DDoS attacks, which began as the primary tool for electronic vandalism, script kiddies’ ego-boosting, or hacktivists’ protest, have matured and evolved into a tool for cyber extortion. DDoS connects to cyber extortion in a number of ways:
- In some cases, threat actors have used the attack itself as a form of blackmail – overwhelming a victim’s system and offering to stop in exchange for money. This tactic has a lower barrier to entry, as it doesn’t require a lot of money or programming to get started, and DDoS services are widely available at just $10 per attack.
- More targeted DDoS attacks are also carried out to exfiltrate the data needed to launch a ransomware attack.
- Then there is an approach called the Triple Extortion Threat, where ransomware gangs encrypt the organization’s data and demand a ransom; if the victim does not pay the ransom, they use DDoS attacks as additional leverage.
DDoS extortion on the rise
The number of DDoS extortion attacks has exploded in the recent past.
“If the victim doesn’t respond quickly or doesn’t pay the ransom, the threat actors will launch a DDoS attack on the victim’s company’s public-facing website,” states the FBI’s Flash alert, drawing attention to the intensity and scope of the DDoS extortion campaign.
Ransomware gangs like BlackCat, REvil, Suncrypt, and AvosLocker have been observed conducting DDoS cyber extortion campaigns. Because of its success, other ransomware groups adopted this method. The three unprecedented DDoS extortion campaigns (REvil Copycat, Fancy Lazarus, LBA) launched simultaneously in 2021 are evidence of an ongoing trend in DDoS extortion behavior.
In May 2022, a cybersecurity company warned of REvil copycat DDoS ransomware attack campaigns against a hospitality company. This time, the attackers demanded payment in Bitcoin to end the attack. The emerging incidents show that the attackers never give up their war on companies.
Preparation is the REAL way out
When it comes to preventing the threat of DDoS extortion, no phrase sounds more accurate than “being prepared” with DDoS mitigation solutions.
Away from static rate control
The key to defending against DDoS attacks is:
- Monitoring the deviation from regular traffic as the basis for triggering an alarm. Consider this an early warning sign.
- Increasing the attacker’s cost of executing the attack through dynamic policy changes tied to behavioral anomalies (e.g. captcha, delays or blocking of sessions for a few minutes).
- Backing up the monitoring solution with experts who manage it on your behalf.

Two questions establish the baseline for that monitoring:
- What is your regular traffic per IP, per URI, per session and for the site as a whole?
- Is there a significant deviation from this pattern (> 200% deviation on average or maximum value)?
Trigger an alert to investigate what caused the deviation and where the traffic is coming from (bad IP, Tor IP), and take action (block the session or IP, or issue a Captcha for the session or IP). By setting DDoS rules based on attributes and deviations rather than fixed limits, you build a system that adapts to business changes and only acts on significant deviations.
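One way to implement the deviation check described above, as an added example that is not from the original article. The log tuples, the `FLOOR` used for keys with no history, the reputation list and all function names are assumptions; only the 200% threshold and the per-IP, per-URI and site-wide dimensions come from the text.

```python
from collections import Counter, defaultdict

THRESHOLD_PCT = 200.0  # the article's figure: act on deviations above 200%
FLOOR = 1.0            # assumed requests/minute floor for keys with no baseline

def per_minute(events, dim):
    """Count requests per minute for each key of one dimension: ip, uri or site."""
    counts = defaultdict(Counter)
    for minute, ip, uri in events:
        key = {"ip": ip, "uri": uri, "site": "*"}[dim]
        counts[key][minute] += 1
    return counts

def baseline(events, dim, minutes):
    """Return {key: (average, maximum)} requests per minute over the window."""
    return {key: (sum(c.values()) / minutes, max(c.values()))
            for key, c in per_minute(events, dim).items()}

def deviations(base, current, dim, reference="avg"):
    """Return sorted (key, rate, pct) tuples that exceed the baseline by more than 200%."""
    alerts = []
    for key, c in per_minute(current, dim).items():
        avg, peak = base.get(key, (0.0, 0))
        ref = max(avg if reference == "avg" else peak, FLOOR)
        rate = max(c.values())
        pct = (rate - ref) / ref * 100
        if pct > THRESHOLD_PCT:
            alerts.append((key, rate, round(pct)))
    return sorted(alerts)

def action(ip, bad_ips):
    """Assumed policy: block listed (bad or Tor) IPs, challenge the rest."""
    return "block" if ip in bad_ips else "captcha"

# Constructed sample traffic as (minute, ip, uri): five quiet minutes,
# then one minute in which a previously unseen IP hammers /login.
BASELINE = ([(m, "198.51.100.7", "/login") for m in range(5) for _ in range(2)]
            + [(m, "203.0.113.9", "/") for m in range(5)])
CURRENT = ([(5, "198.51.100.7", "/login")] * 2
           + [(5, "192.0.2.50", "/login")] * 12
           + [(5, "203.0.113.9", "/")])
BAD_IPS = {"192.0.2.50"}  # constructed reputation list

if __name__ == "__main__":
    for dim in ("ip", "uri", "site"):
        print(dim, deviations(baseline(BASELINE, dim, 5), CURRENT, dim))
```

Because the limit is relative to each key's own history, a legitimately busy URI gets a higher ceiling than a quiet one, which is what distinguishes this from a static rate limit.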
Bring in the DDoS mitigation experts
DDoS attacks are reaching new heights in intensity and duration – your DDoS mitigation strategy will definitely need the help of an expert. Mitigation options range from cloud service providers or add-on services to DDoS protection specialists such as Indusface.
With a fully managed, risk-based platform dedicated to DDoS mitigation and 24/7 expert support, the experts can respond to alerts from these deviations, report what has been done, continue to monitor iteratively to see whether the response is effective, and make further tweaks as necessary.
You are no longer vulnerable to the threat of DDoS extortion when you are ready to mitigate a DDoS attack. Don’t wait until you have a DDoS threat to start your protection. Expect attacks and take appropriate precautions to mitigate potential damage.
If you find a ransom note in your inbox — Don’t Panic, Don’t Pay – Make it easier to catch the extortionist. Call the relevant law enforcement agency and file a complaint!
Vinugayathri Chinnasamy is Senior Content Writer at Indusface. She has been an avid reader and writer in the technology space since 2015. A strategist and analyst on upcoming technology trends and their impact on cybersecurity, IoT and AI landscape. She is an aspiring content marketer who simplifies technical anomalies for aspiring entrepreneurs.