When cybercriminals combine a DDoS attack with a ransom demand, this is known as a ransom DDoS attack (RDDOS). The damage in such a case can be considerable and should not be taken lightly.
The term is made up of the words ransom and DDoS Distributed denial of service. Another well-known term often used in this context is extortion.
There are usually two methods for an RDDoS attack:
In a typical DDoS attack, the criminals direct as much traffic as possible from various sources, such as botnets or booked DDoS services, to the victim’s website in order to tie up the traffic resources available there and thus overwhelm the online services.
The malicious traffic can either target network layers 3 & 4 or hit application layer 7 of the OSI model.
The result is severely limited performance, and, in the worst case, a complete overload of the services offered. This is a scenario that must be prevented at all costs.
RDDoS extortion letters are not composed of newspaper snippets, nor do they come by mail. They are usually sent to victims digitally via email.
In some cases, these notifications contain a surprising amount of information and are therefore often more informative than the probably expected two-liner:
In order to create a threatening situation for the victim, such gestures play a supporting role in the cover letter. At this point, the perpetrators announce an attack or boast about an attack they have already carried out.
Here, they also give more details about the type of attack, such as how massive it will be and how long it will last. But be careful: Just because the perpetrators threaten a large attack does not mean that the capacities for it are even available.
At this point, the potential time period when the blackmailers plan their action could also be defined to give a sense of time pressure.
Not every hacker proceeds in this way; some prefer to keep the victim in the dark regarding the time of attack. The greater the supposed surprise effect, the greater the calculated insecurity of the victims.
It is a pleasure to mention dazzling names of the criminal scene to which the blackmailers allegedly belong. Mentioning well-known hacker groups like Fancy Lazarus, Armada Collective or Fancy Bear is supposed to intimidate the victim.
And indeed, all three groups have caused quite a bit of extortionist furor in the past – however, many copycats take advantage of these names and hope for more success.
Of course, an RDDoS ransom note must not lack the desired amount that the perpetrators demand from the victim.
In addition, the ransomware email contains further information on how the amount should be paid. Meanwhile, cryptocurrency is the preferred payment method because the transaction is difficult to track.
However, some perpetrators still demand usual means of payment, which must be handed over in the corresponding local currency.
Cybercriminals also like to set payment deadlines to put further pressure on the victim. If the deadline is not met, an attack must be expected.
To intensify the coercion, they often threaten that the amount to be paid will steadily increase the longer (hours, days) the affected company resists or even refuses to pay a ransom.
Yes, you should take a threatened RDDoS attack seriously.
But: An extortion letter is written quickly. Not every threat you receive actually has to lead to an attack. If perpetrators notice that the target has implemented effective DDoS protection, they quickly give up – before an attack attempt is even launched.
Large-scale RDDoS attacks in particular must be well prepared. Such serious attacks require many resources and even greater expertise. Not every attacker has a botnet at their disposal to cause massive damage with strong and persistent waves of attacks.
However, smaller attacks are quite realistic in the age of cybercrime-as-a-service. Especially since almost anyone can buy a DDoS attack for little money, and no longer just on the darknet.
Absolutely not. Under no circumstances should affected companies respond to ransomware from cybercriminals.
And for several reasons:
If you become a victim of extortion, we recommend that you contact the authorities directly and describe the case to them.
You should also check your IT protection measures down to the smallest detail. If you are not sure whether the implemented DDoS protection is sufficient, contact specialists.
Many people believe that Ransomware and Ransom DDoS are one and the same thing. But far from it, both types of attacks act completely differently. The only thing they have in common is that you end up being blackmailed by hackers.
While Ransom DDoS threatens to make it difficult or impossible to access services by bombarding traffic, Ransomware is malicious software instead.
Perpetrators try to infiltrate this malware at the target, for example via contaminated e-mail links, so that the malware infects the systems there, encrypts the databases and locks out the owner.
The hackers then demand a ransom from the affected company to release the infected systems. The same problem applies here as with Ransom DDoS: don’t pay sums to extortionists. No one can guarantee that you will be out of danger afterwards.
If RDDoS threats are to be successfully fought, then a professional and proven security technology will help.
With Link11’s security solution, you get real-time DDoS protection. This means that an AI system protects you automatically around the clock and is constantly evolving. This means you are always one step ahead of the attackers.
If you have already been the victim of an RDDoS attack and are being blackmailed by cyber criminals, you are also welcome to contact us. We are always available to assist you in an emergency as well.