Ransomware is a type of malware that infects a computer system to encrypt its data and block the victim from accessing that data. It has long plagued cybersecurity efforts around the world, and it’s becoming more common and costly. Cybercriminals are motivated by money, and they are making plenty of it lately by using extortion as a means. According to Palo Alto Networks’ Unit 42 threat intelligence team, and its new Ransomware Threat Report, “The average ransom paid for organizations increased from US$115,123 in 2019 to $312,493 in 2020, a 171% year-over-year increase. Additionally, the highest ransom paid by an organization doubled from 2019 to 2020, from $5 million to $10 million.” The report noted that cybercriminals are increasingly stealing sensitive data from their victim’s networks before they initiate the ransom demand, and then threatening to publish that data on the open Internet unless the ransom is paid. This is double-extortion; they steal a prized asset, then leverage that to demand money.
Unit 42’s findings present clear evidence that more organizations are paying ransoms, which is why cybercriminals are increasingly launching ransom attacks and demanding larger ransom payments. Unfortunately, when organizations actually concede to the criminals by paying a ransom, it encourages more bad behavior, which is why, in general, law enforcement agencies strongly recommend that organizations should not cave in to the demand when criminals attempt such extortion.
The extortion methods are straightforward; i.e., a perpetrator demands that the victim pay X amount in bitcoin (one Bitcoin is now equal to approximately 60,000 USD), or else he will a) hold the victim’s data hostage forever, or b) publish the victim’s data (which typically includes personal data or intellectual property), or c) launch a large, volumetric distributed denial of service (DDoS) attack on the victim’s network or website. The latter type of threat is also known as an R-DDoS attack.
Tesla, the electric car company, recently foiled a potential R-DDoS plot, with the help of the FBI. In this case, a Russian cybercriminal (Egor Igorevich Kriuchkov) attempted to recruit a Tesla employee to cripple Tesla’s electric battery plant in Reno, Nevada with ransomware, and steal company secrets, in exchange for a million dollars. According to the StarTribune, “In court documents, Kriuchkov was quoted saying the inside job would be camouflaged with a distributed denial of service attack on plant computers from outside. Such attacks overwhelm servers with junk traffic. If Tesla didn’t pay, the purloined data would be dumped on the open internet.”
Any organization that lacks proper DDoS protection is vulnerable to similar, or worse, ransom threats. Ransomware-as-a-service and DDoS-as-a-service markets are thriving on the Dark Web, so cybersecurity professionals should realize that their organizations are increasingly vulnerable to both types of attacks. Ransomware or DDoS attacks are seldom foiled by law enforcement, as in the Tesla example above. That’s why it’s crucial to have strong cybersecurity defenses and good cyber hygiene practices internally to ward off the threat of ransomware, DDoS attacks or a combination of the two. To learn how to protect your organization from a ransomware DDoS attack, download our white paper, “Surviving Ransom Driven DDoS Extortion Campaigns.”
Corero Network Security is a global leader in real-time, high-performance, automatic DDoS defense solutions. Corero’s industry leading SmartWall and SecureWatch technology protects on-premise, cloud, virtual and hybrid environments with a scalable solution that delivers a more cost-effective economic model than ever before. If you’d like to learn more, please contact us.