DoS, DDoS und RDoS – What is the difference?

  • Fabian Sinner
  • April 11, 2022


DoS, DDoS und RDoS – What is the difference?

The three terms DDoS, DoS and RDoS look very similar at first glance and also have many things in common, but despite all this they should be evaluated completely differently.

All three definitions are digital attack types that cybercriminals are extremely fond of using to cause massive damage to victims. We will explain what the terms are all about.

DoS – Denial of Service

Denial of Service means something like “prevention of a service”. The intended target, for example simple websites or complex digital services, are to be completely put out of service or at least disrupted to provide a significantly weaker user experience. On a technical level, this means that a DoS attack stresses the target server with requests in order to bring it to its knees.

A common DoS attack is simple, as the attacker only needs a single Internet connection to perform an attack. As damaging as the attack can be, however, the possible solutions for stopping the attack are obvious: Since the threat only comes from a single source, the attack can be stopped by no longer accepting requests from this source.

An unintentional denial of service can also occur if, for example, programming errors occur that can lead to an overload of the host. In addition, a large rush during one of the countless annual shopping events (Black Friday, Valentine’s Day), can “clog” the access. This happens when the offered server performance is not sufficient for the real traffic and thus the offered service is affected in its performance.

DDoS – Distributed Denial of Service

We speak of a distributed denial of service when it is a distributed attack. This means that the attack is not carried out by just one source, but a large number of systems join together to form a large-scale attack. In the usual case, this happens with botnets – a whole armada of IoT devices previously infected with malware that switch regular requests to the target server at the push of a button, overloading it in a very short time.

Such an attack can result in various targets, such as overloading the network interface, overloading the deployed DNS service, or blocking web server applications due to too many requests. The bottom line is always the same: the targeted destinations function significantly less efficiently or, in the worst case, are no longer accessible at all.

A major problem is that cybercriminals are constantly developing their approach and using new DDoS methods such as carpet bombing or amplification attacks (middlebox) to cause maximum damage. The complexity of attacks is also increasing, such as multi-vector attacks that can only be stopped by professional DDoS defences.

The result of such an attack can have catastrophic effects – especially in the case of an ongoing attack that negatively affects systems for several days or even makes them inaccessible to users.

RDoS – Ransom Denial of Service

In an RDoS attack, hackers combine a denial of service with a ransom. The sequence of events in such an incident is always the same: criminals contact companies by e-mail and demand a large sum of money. If the company is not willing to pay this amount, DDoS attacks are carried out on the target until the demands of the extortionists are met. It is also common that the financial demands of the cybercriminals become higher and higher the longer the company refuses to pay.

If the victim is not prepared for such a case, he can quickly maneuver himself into an extremely dicey situation. However, if effective DDoS protection is in place, ensuring protection on all vectors, there is a good chance of surviving an RDoS attack without any damage. This is because hackers give up quickly when they realize that the targeted victim is well prepared for attacks and the first offensive efforts fail.

Important: RDoS and the rather popular term Ransomware are two completely different topics despite the similar names. Ransomware is malware that is infiltrated via mail attachments, for example, in order to lock computers or encrypt data. The victim then only regains access to the devices or files after paying a ransom. This does not happen with an RDoS attack.


All three terms often do not bode well for the affected targets, because all of them are actions that are either carried out with a malicious ulterior motive or at least have a negative impact on the actual services. With professional DDoS protection, however, the potential dangers of DOS, DDoS or RDoS are minimized and in 9 out of 10 cases pose little threat to the affected companies. However, if such an attack hits an unprotected target, the situation can very quickly develop in an uncomfortable direction for the victim.

Warning of Serious DDoS Blackmail Campaigns Attributed to Fancy Bear Group
Link11 DDoS Report: 70 % Increase in Attack Volume
This site is registered on as a development site. Switch to a production site key to remove this banner.