Table of Contents
Ransom distributed denial of service (RDoS), also known as DDoS-for-ransom, attacks involve threat actors launching DDoS attacks against a target and demanding a ransom payment to stop or mitigate the attack. The primary goal of these attacks isn’t to disrupt the target’s online services by overwhelming their systems with a flood of traffic but to extort money with threat of doing this.
The first major reported RDoS was against ProtonMail, a popular Switzerland-based provider of encrypted email services, in November 2015. The threat actors sent the company a message threatening to flood the service with traffic it couldn’t handle unless they paid up. To prove they weren’t bluffing, they did a test incursion that made the service inaccessible for about 15 minutes.
Since then, ransom DDoS attacks have only proliferated and become more severe.
Let’s look at some of the more recent ransom DDoS activity and what it means for your company’s protection.