DDoS Attacks are Increasingly Ransom-Focused
There’s no getting around just how devastating a Distributed Denial of Service (DDoS) attack can be.
A DDoS attack works by bombarding a target with huge amounts of fake traffic. On the surface, that doesn’t necessarily sound too bad. After all, websites and online services want to attract traffic. While they seek to attract genuine traffic, isn’t fake traffic a little bit like having a store that looks busy, but with most of the visitors being browsers who don’t actually buy anything? The answer is yes — up to a point.
A certain amount of traffic on the internet is non-human bot traffic. But DDoS attacks are different. They don’t just make up a minority of the traffic on a particular website. Instead, the purpose of attackers is to overwhelm a website or service with so many fake requests that it is left unable to deal with real, legitimate ones.
Damaging DDoS attacks
To return to the analogy of a store, it’s the equivalent of having a store that’s got so many non-purchasing browsers inside, all asking questions of the employees, that there’s no room for legitimate customers.
DDoS attacks are capable of throwing sufficient fake traffic at targets (probably the largest DDoS attack on record, disclosed by Google in October 2020, reached 2.54 Tbps) that they can bring down even major targets. They do this by using a “botnet” of malware-infected third-party computers or devices which can be used to simultaneously send traffic to a particular source.
A DDoS attack can be damaging in all sorts of ways — from the immediate cost of the (unasked for) downtime to dented customer loyalty in the event that people are unable to access your website or online service when they need it.
The results may be extremely harmful, particularly at a time when many businesses are already struggling.
The rise of ransom attacks
Cyberattackers know how harmful such attacks can be and, unfortunately, are more than willing to take advantage of this to enrich themselves. As DDoS attacks have become more commonplace (and feared), a number of cyberattackers and malicious actors threaten victims with DDoS attacks in the event that a ransom is not paid. This could be a figure in the tens or even hundreds of thousands.
In some cases, attackers may commence a DDoS attack and then demand payment in order for the attack in progress to be halted. Alternatively, an attacker may stage an attack, then take credit for it, and threaten subsequent ones as a means of extorting money.
In yet another approach, attackers may simply send ransom notes containing details of the attack they claim they can deliver. To make these attacks appear more plausible, they might claim to be a well-known hacking group or to have affiliation with an entity that could deliver such an attack.
As with the other approaches, the goal is to prompt the target to pay out a sum — usually in a cryptocurrency like bitcoin so as to make it difficult to trace — to avoid being the victim of a DDoS attack.
Don’t pay extortionists
In some cases, a threatened Ransom DDoS (RDDoS) attack may be a confidence trick with the claimed attacker not actually capable of delivering such an attack. However, in an age of DDoS-for-hire services, allowing would-be cybercriminals to rent botnets for just a few dollars, this has greatly lowered the barrier to entry for staging DDoS attacks. That, in turn, has increased the prevalence of such incidents.
As with other forms of ransom attack, paying the ransom is not something that should be considered. Organizations including the FBI do not advocate users paying cyberattackers, just as they do not advocate negotiating with terrorists.
In the micro sense, paying attackers does not guarantee that they will call off an attack (if, indeed, they were in a position to stage the attack to begin with) and could make it more likely that they will target you again in the future, knowing that you were previously willing to pay up.
In the macro sense, being willing to pay confirms that the broader strategy of ransom attacks works, and could result in them becoming even more prevalent than they already are.
Protect yourself from demands
Instead of caving in to demands, organizations should make sure that they are properly protected to begin with. Bringing in cybersecurity experts can give you the tools you need to do this. Modern cybersecurity DDoS defense is able to analyze incoming traffic and filter out anything suspicious or likely to be harmful. This has the advantage of continuing to allow legitimate traffic through, while blocking bad actors — thereby allowing you to carry on business as usual, but without having to worry about the risks.
RDDoS attacks are on the rise. However, by choosing the right approach you can guard against them. DDoS protection eliminates the need to pay extortion demands, or even to have to consider it. Investing in the right tools to help safeguard against such attacks is one of the smartest moves you can make from a cybersecurity perspective.