Technoroll

Ransom Attacks That Go Beyond Basic Ransomware

Cybercriminals don’t stick to the same old tricks. Exploitable vulnerabilities get plugged, users get wise to certain phishing email templates, and software platforms rise and fall, all of which means that cyber attackers need to switch up their strategies in order to continue causing problems over a prolonged period of time.

In recent years, there’s been a rise in cyber attacks motivated not simply by causing chaos, but by attempts to extract money. The most famous of these, a fixture among the threats faced by cyber security experts, is the ransomware attack. As the name suggests, these attacks hold users to ransom by threatening them with damaging repercussions should they refuse to hand over their money to a shadowy hacker.

The “classic” form of ransomware involves malware that encrypts vital or sensitive files belonging to a user, and only lets the user unlock them with a special key provided in exchange for cold, hard cash. This monetary transaction is usually conducted in bitcoin or another cryptocurrency, so as to make it more difficult to trace the identity of the attacker and where the money has been sent.

But a new type of ransomware attack, allowing criminals to monetize their attacks, has been gaining momentum: the ransomware DDoS attack. For those without the right safety precautions, these attacks can be devastating in their consequences.

Holding Victims To Ransom

A DDoS (Distributed Denial of Service) attack is, like ransomware, a form of cyberattack that has gained considerable momentum in recent years. A DDoS attack involves overwhelming a target, frequently a website or online service, with massive amounts of fraudulent traffic. Like making huge numbers of fake hotel or restaurant reservations in the interests of causing trouble, doing this makes the service in question inaccessible to legitimate customers.

A website or online service can be so bombarded with requests that it slows to a crawl — or is even knocked offline entirely. DDoS attacks have taken down some of the world’s biggest websites and services at various times, with the largest attacks sending multiple millions of requests per second. Attacks have gotten more sophisticated and longer-lasting, too. It’s not unknown for an attack to last days, weeks, or even over a month. Since even an hour of unwanted downtime can be costly to a business, this is potentially crippling in its effects.

For this reason, a DDoS attack is among the most feared forms of cyber attack. Ransomware attackers know this and are fully willing to weaponize users’ fear surrounding this subject. 

In a ransomware DDoS attack, attackers will send a ransom note demanding a certain payment be made to stop an attack. In some cases, they may initiate a sample DDoS attack to begin with in order to show that they are serious. In others, they might just begin with the ransom note, and threaten an attack if their demands are not met. To lend credibility to their threat, would-be attackers may affiliate themselves with a well-known hacker group like the Armada Collective, Lazarus Group, Fancy Bear, or others. All of these are well known to be credible attackers with frightening track records for attacks. A ransom note will also come with a deadline of some sort, after which the attack will be waged.

The Rise In Ransom-based DDoS Attacks

According to recent research by the Neustar International Security Council (NISC), a significant 44 percent of organizations surveyed said that they had been victims or targets of ransomware DDoS attacks over the past year. This figure is higher than the 41 percent of organizations who said they had been targeted by a classic ransomware attack.

This indicates that ransomware attackers are increasingly switching over to DDoS attacks in an attempt to extort money from targets. The research suggests that 70 percent of organizations were targeted with these attacks multiple times, higher than the 57 percent who were infected by ransomware malware on multiple different occasions. Attacks covered a plethora of sectors, including online businesses, governments, financial services, and more.

For attackers, the threat of a ransomware DDoS attack makes a whole lot of sense. With businesses aware of the financial damage a DDoS attack can wreak, many will at least entertain the idea of paying a ransom since it may be cheaper than suffering a sustained period of service outage — which may also include long-term damage to reputation or lost ground to rivals in ultra-competitive sectors. 

Furthermore, while it’s wise not to assume attackers are making empty threats, it’s not out of the question that some attackers will threaten more devastating attacks than they are actually capable of delivering. An attacker claiming to be part of a well-known hacker syndicate may not actually be affiliated with them, any more than a person claiming to be a celebrity in an internet chatroom will definitely turn out to be that individual.

Defending Against DDoS

Calling the bluff of attackers is a short-sighted defense, however. What organizations need to do is to take the right steps to protect themselves against DDoS attacks of all kinds. Fortunately, cyber security tools are available to help them do exactly that. 

Anti-DDoS tools include the likes of Web Application Firewalls (WAFs), which stop malicious traffic in its tracks while continuing to allow properly filtered traffic through to its destination. It’s also possible to protect against big volumetric attacks using scrubbing centers able to cope with the high volume of traffic that accompanies a DDoS attack.

DDoS attacks aren’t going away. But by taking the right precautions, it’s possible to de-fang them as a major threat. That’s a smart investment for any organization.
