DDoS Attacks Open the Door to Ransomware

Ransomware is a growing epidemic; the U.S. Federal Bureau of Investigation (FBI) has forecast that ransomware extortion attacks will cost over 1 billion USD in 2016. Ransomware can encrypt files or gain control of devices that are connected to the Internet of Things (such as electrical grid controls or patient medical devices at a hospital). Encrypted files are less of a concern only if an organization has redundant backups and data security systems in place.

However, many organizations lack such security. Once hackers gain control of files or IoT devices, they have power and can leverage it for bitcoin ransom. It can be a lucrative form of cyber extortion; most attackers demand a ransom that is in proportion to what the breach will cost the target in terms of reputation, productivity, revenue or, in the case of a hospital, patient safety. The hackers don’t even have to gain control of all systems or files; just the proof that hackers have gotten “inside” a network and could do more damage is often enough to scare an organization into paying a ransom fee. Hackers scale their demand according to how much the victim is willing and able to pay.

Increasingly, hackers are pairing DDoS attacks with ransomware attacks. But the DDoS attacks are not large, volumetric attacks that cripple a website; rather, they are small, stealthy “smokescreen” attacks. They are just disruptive enough to knock a firewall or intrusion prevention system (IPS) offline so that the hackers can target, map and infiltrate a network to install malware. All too often, the attacks are so small that they go unnoticed by IT security staff or legacy DDoS protection systems.

Short DDoS attacks might seem harmless, in that they don't cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for ransomware attacks or other more serious intrusions. To keep up with the growing sophistication and organization of well-equipped and well-funded threat actors, it's essential that organizations maintain comprehensive visibility across their networks with a DDoS monitoring tool to detect and block any potential DDoS incursions as they arise.
