Ransom threats are evolving again, and this time around, operators are incorporating Distributed Denial of Service (DDoS). As reported by the Neustar International Security Council (NISC), more than two-fifths (44%) of organizations have been targeted, with or without success, with a ransom-related DDoS attack in the past 12 months.
At the same time, fewer organizations have suffered a “traditional” ransomware attack.
A ransom-related DDoS attack, or RDDoS, is relatively straightforward – unlike the “traditional” attack, in which attackers would steal and encrypt all data on the target network, a criminal group would do DDoS regardless of the websites. , customer-facing, or back-end applications that the victim might have, and demand payment to stop the attack.
Of all businesses affected by RDDoS in the past year, almost three-quarters (70%) said they had been affected more than once. About a third (36%) paid the ransom.
RDDoS operators also appear to be casting a wider net, says Neustar, as financial services, government and telecommunications have all said they are being targeted. In many cases, operators side with (or claim to have side with) attacking nation states as well.
“Rather than spending a lot of time and carefully planning to infect an organization’s network with malware or ransomware, cybercriminals are taking a simpler approach and using DDoS as a ransom vector,” said Rodney Joffe , President of the NISC, SVP and Fellow, Neustar. “For bad actors, launching a DDoS attack is relatively straightforward and also has the added benefit of being more difficult to trace back to its origin.”
Most cybersecurity professionals aren’t fully confident in their ability to prevent an RDDoS attack, despite being one of the old ways of cybercrime.
In some cases, criminals would combine the two practices: stealing and encrypting all data on a target network, then DDoS the front-end. To top it off, they sometimes even called the victims on the phone in an attempt to further intimidate them into paying the ransom.