Hackers using DDoS attacks to squeeze victims for ransom
According to a new blog post from Cloudflare, a major Fortune Global 500 company was targeted by a Ransom DDoS (RDDoS) attack in late 2020 by a group claiming to be the Lazarus Group. This extortion attempt was part of a wider trend of ransom campaigns that unfolded throughout last year, and cybercriminals will likely continue to use similar methods because they have been quite successful.
Unlike a ransomware attack, where cybercriminals break into a company’s network in order to lock its files, RDDoS attacks use the threat of taking down a company’s website with an overload of traffic, which can be crippling to its business.
Just as an organization can use cloud backup and other similar services to protect their data from being locked following a ransomware attack, DDoS protection ensures that a company’s site will remain protected if it’s suddenly flooded with an overload of traffic.
Ransom DDoS attacks
The attack covered in Cloudflare’s latest blog post began as many attacks do, with ransom emails sent out to the organization’s employees. These emails contained a ransom note which reads:
“Please perform a google search of “Lazarus Group” to have a look at some of our previous work. Also, perform a search for “NZX” or “New Zealand Stock Exchange” in the news. You don’t want to be like them, do you?… The current fee is 20 Bitcoin (BTC). It’s a small price to pay for what will happen if your whole network goes down. Is it worth it? You decide!… If you decide not to pay, we will start the attack on the indicated date and uphold it until you do. We will completely destroy your reputation and make sure your services will remain offline until you pay…”
The attackers then began sending a large amount of traffic to one of the company’s global data centers by firing gigabits of data per second towards a single server. This led to a denial of service event and generated a series of failure events.
Next, the cybercriminals launched a “teaser” attack at the end of a work day that was quite difficult to mitigate because the organization was still using an on-demand scrubbing center service. An employee at the company who spoke with Cloudflare then “realized that an always-on service would have been much more effective than on-demand, reactionary control that takes time to implement”.
Mitigating DDoS attacks is quite difficult once an attack is already in progress, which is why businesses should consider using real-time, always-on DDoS protection instead. We’ll likely see an increase in similar attacks this year, so now is the time to take the necessary precautions or risk having your website taken down or, even worse, having to pay an exorbitant ransom not to be targeted by such an attack.
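The gap between on-demand and always-on mitigation that the article describes comes down to how long it takes from the first abnormal traffic to filtering actually being in place. The script below is an added example, not code from Cloudflare or from the article: it parses a handful of constructed flow-log lines (timestamp, destination IP, bytes), aggregates them into bits per second per destination, flags one-second buckets that exceed a multiple of each host's own baseline, and then computes when mitigation would begin for an always-on service (no activation delay) versus an on-demand scrubbing service with an assumed 15-minute rerouting delay. The log format, the traffic figures and the 15-minute delay are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow-log lines: "<ISO timestamp> <dst_ip> <bytes>".
# Invented sample data for this example, not telemetry from the incident.
# 10.0.0.5 goes from ~100 Mbit/s to several Gbit/s at 17:00:03; 10.0.0.6 stays flat.
SAMPLE_FLOWS = """\
2020-12-01T17:00:00 10.0.0.5 12000000
2020-12-01T17:00:00 10.0.0.6 11000000
2020-12-01T17:00:01 10.0.0.5 13000000
2020-12-01T17:00:01 10.0.0.6 10000000
2020-12-01T17:00:02 10.0.0.5 12500000
2020-12-01T17:00:02 10.0.0.6 11500000
2020-12-01T17:00:03 10.0.0.5 900000000
2020-12-01T17:00:03 10.0.0.6 11000000
2020-12-01T17:00:04 10.0.0.5 1300000000
2020-12-01T17:00:04 10.0.0.6 10500000
2020-12-01T17:00:05 10.0.0.5 1450000000
2020-12-01T17:00:05 10.0.0.6 11000000
"""


def parse_flows(text):
    """Parse flow lines into (timestamp, dst_ip, bytes) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            nbytes = int(parts[2])
        except ValueError:
            continue
        records.append((ts, parts[1], nbytes))
    return records


def bits_per_second(records):
    """Aggregate bytes into bits/second keyed by (one-second bucket, dst_ip)."""
    rate = defaultdict(int)
    for ts, dst, nbytes in records:
        rate[(ts.replace(microsecond=0), dst)] += nbytes * 8
    return rate


def detect_floods(records, baseline_seconds=3, multiplier=10.0):
    """Return (timestamp, dst_ip, bps) for buckets whose bits/second exceed
    `multiplier` times that destination's baseline. The baseline is the mean of
    the first `baseline_seconds` buckets seen for that host (assumed quiet)."""
    rate = bits_per_second(records)
    per_host = defaultdict(list)
    for (ts, dst), bps in sorted(rate.items()):
        per_host[dst].append((ts, bps))
    alerts = []
    for dst, series in per_host.items():
        base = series[:baseline_seconds]
        if len(base) < baseline_seconds:
            continue  # not enough history to judge this host
        baseline = sum(b for _, b in base) / baseline_seconds
        for ts, bps in series[baseline_seconds:]:
            if bps > multiplier * baseline:
                alerts.append((ts, dst, bps))
    return alerts


def time_to_mitigation(alerts, activation_delay_seconds):
    """Time at which filtering is in place: first alert plus the activation delay.
    Always-on protection has a delay of 0; an on-demand scrubbing service needs
    time to reroute traffic and engage (the 15-minute figure used below is assumed)."""
    if not alerts:
        return None
    first = min(ts for ts, _, _ in alerts)
    return first + timedelta(seconds=activation_delay_seconds)


if __name__ == "__main__":
    recs = parse_flows(SAMPLE_FLOWS)
    found = detect_floods(recs)
    for ts, dst, bps in found:
        print(f"{ts.isoformat()} {dst} {bps / 1e9:.2f} Gbit/s")
    print("always-on mitigation from:", time_to_mitigation(found, 0))
    print("on-demand mitigation from:", time_to_mitigation(found, 15 * 60))
```

With the constructed data, only 10.0.0.5 trips the detector (three consecutive seconds above ten times its ~100 Mbit/s baseline). The always-on path starts filtering at the first flagged second; the on-demand path starts a quarter of an hour later, which for a short “teaser” attack is after the damage is already done. In production the baseline would come from a longer history and the threshold from the link capacity, but the structure of the comparison is the same.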