Ransom DDoS

  • Fabian Sinner
  • May 5, 2023

Table of content

    Ransom DDoS

    What is Ransom DDoS?

    When cybercriminals combine a DDoS attack with a ransom demand, this is known as a ransom DDoS attack (RDDOS). The damage in such a case can be considerable and should not be taken lightly.

    Typical distributed denial of service attacks are now part of everyday business life. The numbers are alarmingly high – especially since the start of the Covid 19 pandemic.

    Ransom DDoS – The Defintion

    The term is made up of the words ransom and DDoS Distributed denial of service. Another well-known term often used in this context is extortion.

    There are usually two methods for an RDDoS attack:

    1. The attacker launches a DDoS attack that harms the target and subsequently demands a ransom to stop the bombardment. If the victim does not comply with the demand, the attacks continue.
    2. The cybercriminals contact the target before an attack and demand a ransom amount. If the victim does not respond, an attack is threatened. This case is particularly insidious because the affected company does not know whether the perpetrator even has the capacity for the announced attack.

    In a typical DDoS attack, the criminals direct as much traffic as possible from various sources, such as botnets or booked DDoS services, to the victim’s website in order to tie up the traffic resources available there and thus overwhelm the online services.

    The malicious traffic can either target network layers 3 & 4 or hit application layer 7 of the OSI model.

    The result is severely limited performance, and, in the worst case, a complete overload of the services offered. This is a scenario that must be prevented at all costs.

    Distributed denial of services are extremely complex. There are various attack methods that are worth protecting against.

    What does a RDDoS ransom demand look like?

    RDDoS extortion letters are not composed of newspaper snippets, nor do they come by mail. They are usually sent to victims digitally via email.

    In some cases, these notifications contain a surprising amount of information and are therefore often more informative than the probably expected two-liner:

    • Threatening gestures

    In order to create a threatening situation for the victim, such gestures play a supporting role in the cover letter. At this point, the perpetrators announce an attack or boast about an attack they have already carried out.

    Here, they also give more details about the type of attack, such as how massive it will be and how long it will last. But be careful: Just because the perpetrators threaten a large attack does not mean that the capacities for it are even available.

    At this point, the potential time period when the blackmailers plan their action could also be defined to give a sense of time pressure.

    Not every hacker proceeds in this way; some prefer to keep the victim in the dark regarding the time of attack. The greater the supposed surprise effect, the greater the calculated insecurity of the victims.

    • Affiliation

    It is a pleasure to mention dazzling names of the criminal scene to which the blackmailers allegedly belong. Mentioning well-known hacker groups like Fancy Lazarus, Armada Collective or Fancy Bear is supposed to intimidate the victim.

    And indeed, all three groups have caused quite a bit of extortionist furor in the past – however, many copycats take advantage of these names and hope for more success.

    • Demand for payment

    Of course, an RDDoS ransom note must not lack the desired amount that the perpetrators demand from the victim.

    In addition, the ransomware email contains further information on how the amount should be paid. Meanwhile, cryptocurrency is the preferred payment method because the transaction is difficult to track.

    However, some perpetrators still demand usual means of payment, which must be handed over in the corresponding local currency.

    • Payment deadline

    Cybercriminals also like to set payment deadlines to put further pressure on the victim. If the deadline is not met, an attack must be expected.

    To intensify the coercion, they often threaten that the amount to be paid will steadily increase the longer (hours, days) the affected company resists or even refuses to pay a ransom.

    Do extortion letters need to be taken seriously?

    Yes, you should take a threatened RDDoS attack seriously.

    But: An extortion letter is written quickly. Not every threat you receive actually has to lead to an attack. If perpetrators notice that the target has implemented effective DDoS protection, they quickly give up – before an attack attempt is even launched.

    Large-scale RDDoS attacks in particular must be well prepared. Such serious attacks require many resources and even greater expertise. Not every attacker has a botnet at their disposal to cause massive damage with strong and persistent waves of attacks.

    However, smaller attacks are quite realistic in the age of cybercrime-as-a-service. Especially since almost anyone can buy a DDoS attack for little money, and no longer just on the darknet.

    Should the ransom be paid?

    Absolutely not. Under no circumstances should affected companies respond to ransomware from cybercriminals.

    And for several reasons:

    • The ransom paid will most likely be used for further criminal machinations. Payments are indirectly supporting future crimes.
    • You make yourself a more lucrative target: the payment proved that you are willing to pay. Why shouldn’t the blackmailers just come back?
    • There is a high chance that you will fall for a bluff. A threat does not have to be put into action right away. RDDoS perpetrators make their money from the mass of threats. Only in rare cases does an attack actually occur.

    If you become a victim of extortion, we recommend that you contact the authorities directly and describe the case to them.

    You should also check your IT protection measures down to the smallest detail. If you are not sure whether the implemented DDoS protection is sufficient, contact specialists.

    Contact now

    What is the difference between Ransomware and Ransom DDoS?

    Many people believe that Ransomware and Ransom DDoS are one and the same thing. But far from it, both types of attacks act completely differently. The only thing they have in common is that you end up being blackmailed by hackers.

    While Ransom DDoS threatens to make it difficult or impossible to access services by bombarding traffic, Ransomware is malicious software instead.

    Perpetrators try to infiltrate this malware at the target, for example via contaminated e-mail links, so that the malware infects the systems there, encrypts the databases and locks out the owner.

    The hackers then demand a ransom from the affected company to release the infected systems. The same problem applies here as with Ransom DDoS: don’t pay sums to extortionists. No one can guarantee that you will be out of danger afterwards.

    The solution against Ransom DDoS: A proven protection.

    If RDDoS threats are to be successfully fought, then a professional and proven security technology will help.

    With Link11’s security solution, you get real-time DDoS protection. This means that an AI system protects you automatically around the clock and is constantly evolving. This means you are always one step ahead of the attackers.

    Link11 DDoS Protection

    If you have already been the victim of an RDDoS attack and are being blackmailed by cyber criminals, you are also welcome to contact us. We are always available to assist you in an emergency as well.

    Emergency request

    What is Secure DNS and Why Do I Need it?
    Protective Measures: New “proxyjacking” attack exploits Log4j vulnerability