The Links Between Ransom, Ransomware and DDoS Attacks

Of all the cyber threats, distributed denial of service (DDoS) ransom attacks and ransomware are high on the list of IT security concerns today. These attacks are growing more common and they are expensive to remediate. In simple terms, ransom attacks come in two forms:

  1. Cyber criminals threaten to launch a DDoS attack on an organization’s site unless the organization pays a ransom fee of $XXX in Bitcoin; or
  2. Cyber criminals infect machines in a network with crypto-ransomware that encrypts all files, then demand a ransom fee to unlock the files.

The first type of ransom attack is troubling enough (by the way, people should not pay a ransom, according to law enforcement officials). However, a ransomware attack is more feared and abhorred by IT security professionals for two reasons: a) it encrypts data, potentially resulting in permanent loss of data and b) it can cost a business tens of thousands of dollars to pay a cyber extortionist (unlike ransom demands on consumers, which typically are much less expensive, in the hundreds of dollars).

DDoS & Ransomware

You may wonder, what does ransomware have to do with DDoS attacks? The link is this: DDoS attacks are increasingly used as smokescreens for more nefarious network infiltrations, such as ransomware. DDoS attackers are getting more sophisticated; their objective is seldom to cripple a website, but rather to distract IT security staff with a low-bandwidth, sub-saturating DDoS attack. Such attacks typically are short in duration (under 5 minutes) and low in volume, which means that they can easily slip under the radar without being detected by some DDoS mitigation systems.

Five minutes may seem like an insignificant amount of time – but an attack may only need a few seconds to take critical security infrastructure, such as firewalls and intrusion prevention systems (IPS), offline; in effect, the network doors are wide open. While IT staff scramble to handle the momentary network outages, hackers can use automated scanning or penetration techniques to map a network and install ransomware.
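The detection gap described above can be shown on traffic data. The following is an added example, not code from this post or from any product: it runs a static saturation alarm and a baseline-deviation alarm over constructed per-second packet rates containing a three-minute, sub-saturating burst. The link capacity, thresholds and traffic values are all assumptions chosen for illustration.

```python
from statistics import median

LINK_CAPACITY_PPS = 50_000   # assumed link capacity (constructed value)
SATURATION_FRACTION = 0.8    # assumed static alarm level: 80% of capacity

def build_samples():
    """Constructed packets-per-second series: 30 min normal, 3 min burst, 10 min normal."""
    def normal(n):
        return [1000 + (i * 37) % 200 for i in range(n)]
    burst = [4000 + (i * 53) % 300 for i in range(180)]  # about 4x normal, far below capacity
    return normal(1800) + burst + normal(600)

def static_threshold_alarms(pps, window=300):
    """Start seconds of 5-minute windows whose average exceeds the saturation level."""
    limit = LINK_CAPACITY_PPS * SATURATION_FRACTION
    return [s for s in range(0, len(pps) - window + 1, window)
            if sum(pps[s:s + window]) / window > limit]

def baseline_deviation_alarms(pps, window=10, history=60, k=6.0):
    """Start seconds of 10-second windows that deviate from the rolling median
    of the last `history` normal windows by more than k * MAD."""
    means = [sum(pps[i:i + window]) / window
             for i in range(0, len(pps) - window + 1, window)]
    alarms, clean = [], []   # alarmed windows are kept out of the baseline
    for idx, m in enumerate(means):
        if len(clean) >= history:
            ref = clean[-history:]
            med = median(ref)
            # Floor the MAD so a very flat baseline does not alarm on noise.
            mad = max(median(abs(x - med) for x in ref), 0.05 * med)
            if abs(m - med) > k * mad:
                alarms.append(idx * window)
                continue
        clean.append(m)
    return alarms

def merge(alarms, window=10):
    """Collapse consecutive alarm windows into (start_second, end_second) spans."""
    spans = []
    for t in alarms:
        if spans and spans[-1][1] == t:
            spans[-1][1] = t + window
        else:
            spans.append([t, t + window])
    return [tuple(s) for s in spans]

if __name__ == "__main__":
    pps = build_samples()
    print("static saturation alarms:", static_threshold_alarms(pps))
    print("baseline deviation spans:", merge(baseline_deviation_alarms(pps)))
```

The saturation alarm never fires because the burst stays far below link capacity, while the baseline comparison flags the full three-minute span.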

Unfortunately, most cyber security solutions focus on recovery from a ransomware attack, rather than preventing one. Companies should take a more proactive stance when it comes to preventing ransomware attacks, and one way they can do that is by installing DDoS protection hardware that automatically detects and blocks even the smallest of DDoS attacks, 24×7. Only then can IT security teams have comprehensive visibility into network incursions.
