Infosecurity reports that a recent survey of cyber security professionals conducted by Neustar found that “Nearly half (44%) of organizations have been targeted or fallen victim to a ransom-related distributed denial of service (RDDoS) attack in the past 12 months. Interestingly, during the same period, a lower proportion (41%) of organizations were targeted by a ransomware attack, suggesting cyber-criminals are increasingly using Distributed Denial of Service (DDoS) attacks as a means of extorting money from victims.”
Why do Cybercriminals Launch Ransom-DDoS attacks?
These are alarming, though not surprising, statistics. Ransom DDoS attacks have become increasingly common and dangerous in the past few years. RDDoS attacks are a preferred method of threat actors for a variety of reasons:
- It is much easier to launch a DDoS attack than to get ransomware installed on a network.
- Fast and relatively inexpensive DDoS-for-hire services are easy for anyone to use, with no hacking experience needed, and are now a fast-growing business on the Dark Web.
- Threat actors can more easily create dangerous botnets now, due to the ever-expanding attack surface created by VPNs for remote working, increased 5G mobile device bandwidth, and the continued proliferation of poorly secured IoT devices.
- DDoS attacks are difficult to trace to their source, which means the threat actors can more easily evade law enforcement. Ransomware attacks that encrypt data are easier to trace, and sometimes law enforcement agencies can help victim organizations find an encryption key to unlock their data.
- Cybercriminals want to make money from their activities, rather than merely create online mayhem. DDoS attacks can effectively shut down an organization’s network, or at least take some business applications offline. In today’s “always on” world, it’s important for organizations to maintain business continuity, so threat actors know that organizations are motivated to make the problem go away by paying a ransom fee.
While some organizations may understandably be tempted to cave in to ransom demands, law enforcement agencies strongly recommend not doing that, because it only rewards that criminal behavior, and inspires other threat actors to follow suit. Plus, there is never any guarantee that cybercriminals will cease and desist in their DDoS attack threats, even if the target organization pays the ransom.
The best way to prevent successful RDDoS is to deploy an effective, real-time, always-on DDoS mitigation solution that automatically protects against attacks so that threat actors can’t make any ransom demands.
For over a decade, Corero has been providing state-of-the-art, highly-effective, real-time automatic DDoS protection solutions for enterprise, hosting and service provider customers around the world. Our SmartWall® DDoS mitigation solutions protect on-premise, cloud, virtual and hybrid environments. For more on Corero’s flexible deployment models, click here. If you’d like to learn more, please contact us.