Phantom RDoS Might Be a Fake Ploy, But Beware

A group that calls itself Phantom Squad has launched an email-based ransomware DDoS (RDoS) extortion campaign against thousands of companies across the globe in the past week. They are threatening to launch DDoS attacks on their target victims on September 30 unless each victim pays about $700 in bitcoin. Fortunately, it appears this is only a group of extortionists making idle threats. Security experts predict that this group’s bark is worse than its bite; i.e., they doubt that Phantom Squad has the technical capability to actually launch multiple DDoS attacks on various targets. Unfortunately, there are hackers out there who do real damage by installing ransomware and launching a DDoS attack, and such attacks are becoming all too common.

DDoS and ransomware attacks often go hand in hand, and they can take two forms: 1) a threat of DDoS unless the victim pays the extortion fee, or 2) a DDoS attack that precedes the ransomware installation. In most cases, it is the latter. A short, sub-saturating DDoS attack, which usually lasts less than five minutes, can serve as a smokescreen that distracts IT security staff from a more dangerous infiltration of the network. While IT staff scramble to troubleshoot “noise” on the network, hackers can find pathways and test for vulnerabilities within the network, which can later be exploited through other techniques. They can subtly take down a firewall and install malware that may “sleep” on the network until it is remotely activated. Also, some low-threshold DDoS attacks go completely unnoticed by IT security staff, because they never push traffic high enough to trip a threshold set at link saturation.
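The following Python script illustrates, from the defender's side, why a short sub-saturating burst of the kind described above is easy to miss and how per-second baselining catches it. It is an added example, not Corero's code or any product's detection logic; the packet rates, thresholds, burst timing and the 5-minute sample are all constructed assumptions for illustration.

```python
"""Why a short, sub-saturating burst hides from a coarse average, and how to see it.

Added example with constructed data. Two detectors run over the same 5-minute
period of per-second packet counts:
  - coarse_average_alarm: the whole period averaged and compared to a link
    saturation threshold (what a capacity-only monitor does).
  - short_window_bursts: per-second rates compared to the period's own median,
    with consecutive anomalous seconds merged into runs.
"""
from statistics import median

# Assumed values, constructed for this example (not measured on any real network)
SATURATION_PPS = 1000            # hypothetical alarm level: fires only when the pipe is full
BASELINE_PPS = 10                # normal per-second packet rate in the sample
BURST_PPS = 400                  # sub-saturating burst: 40% of the saturation level
BURST_START, BURST_END = 100, 190  # 90-second burst, well under five minutes
BLIP_SECOND = 250                # a one-second spike that should not be reported


def build_sample(duration=300):
    """Constructed per-second packet counts for one 5-minute period."""
    counts = {}
    for s in range(duration):
        if BURST_START <= s < BURST_END or s == BLIP_SECOND:
            counts[s] = BURST_PPS
        else:
            counts[s] = BASELINE_PPS
    return counts


def coarse_average_alarm(counts, threshold=SATURATION_PPS):
    """Average the whole period and compare to a saturation threshold.

    Returns (average_pps, alarm_fired). The burst is diluted by the quiet
    seconds around it, so the alarm never fires.
    """
    avg = sum(counts.values()) / len(counts)
    return avg, avg > threshold


def short_window_bursts(counts, factor=5, min_seconds=5):
    """Per-second anomaly detection relative to the period's own baseline.

    A second is anomalous when its rate exceeds factor x the median rate.
    Consecutive anomalous seconds are merged into runs; runs shorter than
    min_seconds are dropped as blips. Returns [(start, end_exclusive, seconds)].
    """
    baseline = median(counts.values())
    limit = factor * baseline
    runs, run_start = [], None
    for s in sorted(counts):
        anomalous = counts[s] > limit
        if anomalous and run_start is None:
            run_start = s
        elif not anomalous and run_start is not None:
            runs.append((run_start, s))
            run_start = None
    if run_start is not None:            # burst still running at end of period
        runs.append((run_start, max(counts) + 1))
    return [(a, b, b - a) for a, b in runs if b - a >= min_seconds]


if __name__ == "__main__":
    sample = build_sample()
    avg, fired = coarse_average_alarm(sample)
    print(f"5-minute average: {avg:.1f} pps, saturation alarm fired: {fired}")
    for start, end, secs in short_window_bursts(sample):
        peak = max(sample[t] for t in range(start, end))
        print(f"burst: seconds {start}-{end} ({secs}s), peak {peak} pps")
```

With these assumed numbers the period averages about 128 pps, far below the 1000 pps saturation alarm, while the per-second detector reports the 90-second burst and discards the single-second blip. The design choice worth noting is the baseline: it is the median of the period itself rather than a fixed number, so the detector adapts to each network's normal rate and a 40-times jump stands out even when it is nowhere near capacity.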

If your company is unlucky enough to be the target of an RDoS attack, here are some basic rules to follow:

  1. Don’t pay the ransom. You can’t trust that hackers will honor their word and not launch a DDoS attack on you. Furthermore, by rewarding the hackers’ bad behavior you would be encouraging it; they (or other cyber criminals) are likely to hit you a second time in the future, or to hit another company.
  2. Report the incident to local law enforcement.
  3. Patch software, firmware and operating systems.
  4. Train your employees to know how to avoid cyber threats such as phishing emails.
  5. Take a proactive stance to prevent the threat of a future DDoS attack. Automated DDoS mitigation technology can instantly detect and block DDoS attacks, without blocking any of the good traffic, giving your company peace of mind.

Some of Corero’s customers have experienced cyber extortion attempts and, in cases where the hackers did launch a DDoS attack against their network after our customer did not pay a ransom, the Corero SmartWall® Threat Defense System held strong and fended off the attacks.

For more information, contact us.
