The Corero Security Operations Center has seen an increase in cyber-extortionists targeting web hosting providers with Bitcoin ransom demands. Over the last thirty days, roughly 10% of Corero’s customer base has faced extortion attempts in which attackers threaten to take down their websites and services unless they pay various Bitcoin ransoms. Through the observation of attack traffic targeted at Corero customers from mid-September 2015 to date, and validation with specific customers, we have observed a significant rise in extortionists utilizing DDoS attacks to secure Bitcoin payments from targeted victims.
Corero customers faced with these ransom campaigns have allowed the threats to come and go without succumbing to the requests. In some cases the attacks have been carried out due to ‘lack of payment’, with attackers launching a variety of attack techniques and methodologies, but the Corero First Line of Defense held strong.
In other scenarios, DDoS attacks are first launched against the Corero customer, and ransom requests quickly follow, with the promise of ending the attacks after payment has been secured.
In either case, Corero customers have been successfully protected against these attacks with in-line, real-time DDoS protection. Attacks are detected and mitigated instantly, without disruption of good user traffic flow. Unfortunately, too many organizations operate reactively when it comes to DDoS defense, and only look to implement dedicated security solutions after a threat, or once attacks have occurred. We have heard the war stories where victims actually pay the ransom in the hopes that the attacks will subside. I think we can all foresee how the story ends in those circumstances.
Recently, I caught up with Dave Larson, CTO and VP Product for Corero, to get his perspective on the uptick in ransom-related DDoS activity. “The collateral damage associated with successful DDoS attacks can be exponential. When service providers lack proper protection mechanisms to defeat attacks in real-time, the costs associated with the outages are wide ranging and the impact to downstream or co-located customers can be devastating.” Dave adds, “Further fueling this epidemic is the payout on these ransom-related threats. DDoS attack tools are easy to come by and perhaps even easier to use. This is an easy and anonymous recipe for anyone looking to make a quick buck, and the victims are proving this every day. Properly prepared organizations can stem this tide by refusing the ransom requests, secure in the knowledge that they are protected and can withstand the storm.”
Internet-connected businesses can eliminate DDoS threats, ransom-related or otherwise, with purpose-built DDoS protection solutions. Specifically, appliance-based network security products can be deployed at the Internet edge to defeat this problem before it enters the network. A first line of defense approach prevents network and service outages due to DDoS attacks by inspecting traffic at line rate and blocking attacks in real time, while enabling complete and sophisticated visibility for actionable security intelligence related to DDoS attacks targeting Internet-facing services.