DDoS attacks grow in persistence and sophistication year over year, and extortion-driven DDoS attacks are the new high. We have seen new tactics in which cybercriminals launch DDoS attacks to demonstrate their capability and demand money in exchange for calling off the attack.
While DDoS extortion, commonly known as ransom DDoS or RDDoS, is not a recent development, the mainstreaming of cryptocurrencies such as Bitcoin and Ethereum contributed to the recent spike in ransom DDoS attacks. A recent study by WTW and Clyde & Co reveals that global company directors are increasingly worried about cyber extortion.
This demonstrates that the threat of DDoS extortion should not be downplayed; you should be ready for it with the best DDoS mitigation solutions.
DDoS is Supercharging Cyber Extortion
Having started as a primary tool for electronic vandalism, script kiddies' ego boosts, or hacktivist protest, the DDoS attack has matured and evolved into a tool for cyber extortion. It combines with cyber extortion in many ways:
- In some cases, threat actors have used the attack itself for extortion -- overwhelming a victim's system with an offer to relent for the money. This tactic has a lower barrier because it doesn't require a lot of money or coding to launch, and the DDoS service is widely available for as low as $10 per attack.
- More targeted DDoS attacks are also executed to exfiltrate the data needed to launch a ransomware attack.
- Then there is an approach called the triple extortion threat, where ransom gangs encrypt the organization's data and demand ransom; if the victim delays or is not forthcoming with the ransom, they use DDoS attacks as additional leverage.
DDoS Extortion on The Rise
The number of DDoS extortion attacks exploded in the recent past.
“If the victim does not respond quickly or does not pay the ransom, the threat actors will launch a DDoS attack on the victim company's public-facing website,” according to the FBI’s flash warning, which calls attention to the intensity and scope of the DDoS extortion campaign.
Ransomware gangs including BlackCat, REvil, Suncrypt, and AvosLocker were observed using DDoS cyber extortion campaigns. Because of their success, other ransomware groups adopted that method. Three unparalleled DDoS extortion campaigns (REvil copycat, Fancy Lazarus, LBA) launched simultaneously in 2021, showing a continued trend of DDoS extortion behavior.
In May 2022, a cybersecurity company warned about REvil copycat DDoS extortion attack campaigns against a hospitality company. This time the attackers demanded a payment in Bitcoin to cease the attack. These emerging incidents show that attackers never halt their war against businesses.
Preparation is the REAL Way Out
When it comes to preventing the threat of DDoS extortion, no idiom rings truer than “being prepared” with DDoS Mitigation solutions.
Move Away from Static Rate Control
The key to mitigating DDoS attacks is:
- Monitoring deviations from regular traffic as the basis for triggering alerts. Think of this as an early warning signal.
- Increasing the attacker's cost of carrying out the attack with dynamic policy changes tied to behavioral anomalies (e.g. CAPTCHA, delays, or blocking the session for a few minutes).
- Backing up the monitoring solution with experts who manage it on your behalf.
- What is your regular traffic per IP, per URI, per session, and for the site as a whole?
- Is there a significant deviation from this pattern (> 200% deviation on average or max value)?
Trigger an alerting system to study what caused the deviation and where the traffic is coming from (bad IP, Tor IP), and take action (block the session or IP, or present a CAPTCHA to the session or IP). By setting DDoS rules based on attributes and deviations rather than fixed limits, you build a system that adapts to changes in the business and acts only on significant deviations.
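The baseline-and-deviation check described above, as an added example that is not part of the original article or any vendor's product: it learns average and maximum requests per minute per IP, per URI and site-wide, then maps deviations above 200% to an action. The event tuple layout, the mapping of deviations to `alert`/`captcha`/`block`, the `unseen` default and the sample traffic (documentation-range IPs) are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import mean

THRESHOLD_PCT = 200          # the article's "> 200% deviation" trigger
FIELD = {"ip": 1, "uri": 2}  # position of each attribute in an event tuple

def per_minute(events, dim):
    """(minute, ip, uri) events -> {key: Counter({minute: requests})}."""
    counts = defaultdict(Counter)
    for ev in events:
        counts["site" if dim == "site" else ev[FIELD[dim]]][ev[0]] += 1
    return counts

def build_baseline(events, minutes):
    """Average and max requests/minute per IP, per URI and site-wide."""
    base = {}
    for dim in ("ip", "uri", "site"):
        for key, by_min in per_minute(events, dim).items():
            series = [by_min.get(m, 0) for m in minutes]
            base[(dim, key)] = (mean(series), max(series))
    return base

def evaluate(base, current, unseen=(1, 1)):
    """Action per attribute for one minute; `unseen` is an assumed baseline for new keys."""
    actions = {}
    for dim in ("ip", "uri", "site"):
        for key, by_min in per_minute(current, dim).items():
            now = sum(by_min.values())
            refs = base.get((dim, key), unseen)  # (average, max)
            over_avg, over_peak = [(now - r) / r * 100 > THRESHOLD_PCT for r in refs]
            if dim != "ip" and (over_avg or over_peak):
                actions[(dim, key)] = "alert"    # analyst studies the source
            elif over_peak:
                actions[(dim, key)] = "block"    # far beyond anything seen before
            elif over_avg:
                actions[(dim, key)] = "captcha"  # raise the sender's cost first
    return actions

# Constructed sample traffic: five baseline minutes, then one minute under load.
BASELINE = []
for m in range(5):
    BASELINE += [(m, "198.51.100.10", "/login")] * 2
    BASELINE += [(m, "198.51.100.11", "/search")] * 4
    BASELINE += [(m, "203.0.113.5", "/search")] * (6 if m == 4 else 1)
CURRENT = [(5, "198.51.100.10", "/login")] * 3 + [(5, "203.0.113.5", "/search")] * 10
CURRENT += [(5, "198.51.100.11", "/search")] * 40

if __name__ == "__main__":
    print(evaluate(build_baseline(BASELINE, range(5)), CURRENT))
```

A static limit of, say, 20 requests per minute would pass `203.0.113.5` at 10 requests per minute, while the baseline comparison flags it because that client normally averages 2.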
Bring in the DDoS Mitigation Experts
DDoS attacks are touching new heights in intensity and duration -- your DDoS mitigation strategy will definitely need an expert's support. Options in mitigation range from cloud service providers or add-on services to DDoS protection specialists like Indusface.
With a fully managed, risk-based platform dedicated to DDoS mitigation and backed by 24x7 expert support, they can act on alerts from those deviations, report what was done, and keep monitoring iteratively to see whether the response is effective, making further tweaks if needed.
You are no longer vulnerable to the DDoS extortion threat when you're prepared to mitigate a DDoS attack. Don't wait until you have a DDoS threat to start your protection. Expect attacks and take proper precautions to mitigate possible harm.
If you find any ransom note in your inbox -- Don't panic, Don't Pay -- Make it easier to catch the Extortionist. Call the appropriate law enforcement and report it!
Vinugayathri Chinnasamy is a senior content writer in Indusface. She has been an avid reader & writer in the tech domain since 2015. A strategist and analyst of upcoming tech trends and their impact on the Cybersecurity, IoT, and AI landscape. She is an upcoming content marketer simplifying technical anomalies for aspiring entrepreneurs.