If you work in network security, you never want to get a message like this. Unfortunately, more and more security teams are receiving them; one of our clients got this one. And even though it says “don’t worry” right there in the third paragraph, you can be sure they were alarmed.
The alarming rise of RDDoS attacks
This explicit threat is part of a significant and disturbing trend in cybercrime: a rising tide of attacks that threaten to paralyze an organization’s digital assets through a cripplingly large DDoS (Distributed Denial of Service) attack unless the victim pays a significant ransom to the crooks.
The anatomy of a ransom DDoS threat
These ransom notes often include hallmarks that make them particularly chilling:
- Credibility-building references: They refer to recent, widely reported DDoS attacks that successfully froze major institutions.
- Fear-inducing claims: They imply the source of the threat is a notorious, well-known cybercrime group capable of executing the attack.
- Proof of capability: They promise a phased attack, starting with a small demonstration DDoS, escalating to a massive, “unstoppable” attack.
- Payment demands: They require cryptocurrency payments, typically between $100K and $300K, with assurances of confidentiality if the ransom is paid—or dire consequences if ignored.
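As an added illustration (not code from the original post), here is a small triage script that pulls the hallmarks listed above out of an extortion note so that the incident record is structured before anyone has to decide anything. The sample note is constructed for the example, and the Bitcoin address in it is a made-up string that merely matches the address format; the regexes, the list of impersonated groups and the "typical demand" range are assumptions drawn from this post, not from any vendor tool.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Groups that RDDoS notes commonly impersonate (the claim is frequently false).
CLAIMED_GROUPS = ("Fancy Bear", "Cozy Bear", "Lazarus Group", "Armada Collective")

# Bitcoin address shapes: legacy/P2SH base58 and bech32. Assumed good enough for triage.
BTC_ADDR_RE = re.compile(r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,59})\b")
BTC_AMOUNT_RE = re.compile(r"(\d+(?:\.\d+)?)\s*BTC\b", re.I)
USD_RE = re.compile(r"\$\s?(\d[\d,]*)\s*([kK])?")
DEADLINE_RE = re.compile(r"(\d+)\s*(hours?|days?)", re.I)
DEMO_RE = re.compile(r"\b(small|demonstration|demo|sample|test)\s+(attack|ddos)", re.I)

TYPICAL_DEMAND_USD = (100_000, 300_000)  # range quoted in the post


@dataclass
class NoteTriage:
    claimed_group: Optional[str]
    btc_addresses: List[str]
    demand_btc: Optional[float]
    demand_usd: Optional[int]
    deadline_hours: Optional[int]
    demo_attack_promised: bool
    demand_in_typical_range: bool
    hallmarks: List[str] = field(default_factory=list)


def _parse_usd(m: "re.Match") -> int:
    amount = int(m.group(1).replace(",", ""))
    return amount * 1000 if m.group(2) else amount


def triage_note(text: str) -> NoteTriage:
    """Extract the indicators an IR team (or the FBI report) needs from a ransom note."""
    group = next((g for g in CLAIMED_GROUPS if g.lower() in text.lower()), None)
    addresses = BTC_ADDR_RE.findall(text)
    btc = BTC_AMOUNT_RE.search(text)
    usd = USD_RE.search(text)
    deadline = DEADLINE_RE.search(text)
    hours = None
    if deadline:
        n, unit = int(deadline.group(1)), deadline.group(2).lower()
        hours = n * 24 if unit.startswith("day") else n
    demand_usd = _parse_usd(usd) if usd else None
    demand_btc = float(btc.group(1)) if btc else None

    hallmarks = []
    if group:
        hallmarks.append("claims_known_group")
    if DEMO_RE.search(text):
        hallmarks.append("promises_demo_attack")
    if addresses or demand_btc is not None:
        hallmarks.append("demands_crypto_payment")
    if hours is not None:
        hallmarks.append("sets_deadline")

    in_range = demand_usd is not None and TYPICAL_DEMAND_USD[0] <= demand_usd <= TYPICAL_DEMAND_USD[1]
    return NoteTriage(group, addresses, demand_btc, demand_usd, hours,
                      "promises_demo_attack" in hallmarks, in_range, hallmarks)


# Constructed sample note for the example; the address is not a real wallet.
SAMPLE_NOTE = """We are the Armada Collective. You have seen what happened to other companies.
To prove we are serious we will start a small attack on one of your IPs today.
Pay 10 BTC (about $150,000 USD) to 1AbCdEfGhJkMnPqRsTuVwXyZ23456789ab within 48 hours
or your whole network will be taken down. Don't worry, nobody will know you paid."""

if __name__ == "__main__":
    print(triage_note(SAMPLE_NOTE))
```

The output is the record you would hand to the FBI field office and to your mitigation provider: who the sender claims to be, where they want the money sent, how much, and how long you have before the "real" attack is supposed to start.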
A history of ransom DDoS attacks
These kinds of attacks aren’t new. The first threats date back to around 2003, initially targeting online gaming companies. However, the frequency and scale of these attacks have surged recently, prompting a FLASH alert from the FBI. This attack method is now so prevalent it has earned its own acronym: RDDoS (or RDoS) for Ransom Distributed Denial of Service.
Key facts you need to know about RDDoS attacks
Based on insights from our Security Operations Center and industry reporting, here’s what you need to know:
1. RDDoS attacks are global in scope
Organizations in North America, Asia, Europe, the Middle East, and Africa have all been targeted.
2. They affect multiple industries
While financial services were the first targets, attackers now also aim at technology, business services, hospitality, travel, and retail sectors.
3. The attackers may not be who they claim
Recent threats often claim to be from infamous cybercrime groups like Fancy Bear, Cozy Bear, the Lazarus Group, or the Armada Collective. However, trusted sources suggest that these claims are often false.
4. Not all threats lead to massive attacks
Though notes often warn of attacks of up to 2 Tb/sec, observed attacks are usually smaller (20 to 300 Gb/sec) and employ multiple vectors. They fall short of what the notes threaten, but even 20 Gb/sec is far more than most organizations’ internet uplinks can absorb, so they are significant in practice.
5. Sometimes, no attack follows the threat
It remains unclear why some threats result in attacks while others do not. It’s possible that multiple actors with varying capabilities are involved or that improved cloud-based DDoS defenses deter some attackers.
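To make facts 4 and 5 concrete, here is an added example (not from the original post or from any vendor product) of the detection logic a SOC would run over aggregated flow records to answer the two questions that matter once a note arrives: did an attack actually follow, and how big and how multi-vector was it? The flow records, the IP addresses (documentation range), the vector classification by source port, the alert threshold and the assumed 10 Gb/sec uplink are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch second the record covers (one-second aggregation assumed)
    dst: str         # victim-side address
    proto: str       # "udp" | "tcp" | "icmp"
    src_port: int
    dst_port: int
    nbytes: int      # bytes seen in this record
    tcp_flags: str = ""   # "S" = SYN only


# Reflection/amplification traffic arrives *from* these well-known source ports.
AMPLIFIERS = {53: "dns-amp", 123: "ntp-amp", 389: "cldap-amp", 1900: "ssdp-amp", 11211: "memcached-amp"}


def vector(f: Flow) -> str:
    """Classify a flow into a coarse DDoS vector."""
    if f.proto == "udp":
        return AMPLIFIERS.get(f.src_port, "udp-flood")
    if f.proto == "tcp":
        return "syn-flood" if f.tcp_flags == "S" else "tcp-other"
    return f"{f.proto}-flood"


@dataclass
class Finding:
    dst: str
    peak_gbps: float
    peak_ts: int
    vectors: List[str]      # vectors carrying >= 5% of the bytes aimed at dst
    multi_vector: bool
    saturates_uplink: bool


def analyze(flows: List[Flow], alert_gbps: float = 5.0, uplink_gbps: float = 10.0,
            min_vector_share: float = 0.05) -> List[Finding]:
    """Return one Finding per destination whose peak one-second rate exceeds alert_gbps."""
    bits_per_sec: Dict[Tuple[int, str], int] = defaultdict(int)
    bits_per_vector: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        bits = f.nbytes * 8
        bits_per_sec[(f.ts, f.dst)] += bits
        bits_per_vector[f.dst][vector(f)] += bits

    peak: Dict[str, Tuple[float, int]] = {}
    for (ts, dst), bits in bits_per_sec.items():
        gbps = bits / 1e9
        if gbps > peak.get(dst, (0.0, 0))[0]:
            peak[dst] = (gbps, ts)

    findings = []
    for dst, (gbps, ts) in sorted(peak.items()):
        if gbps < alert_gbps:
            continue  # background traffic, not an attack
        total = sum(bits_per_vector[dst].values())
        vecs = sorted(v for v, b in bits_per_vector[dst].items() if b / total >= min_vector_share)
        findings.append(Finding(dst, round(gbps, 2), ts, vecs, len(vecs) >= 2, gbps > uplink_gbps))
    return findings


# Constructed sample: two seconds of a "demonstration" attack on .10 (DNS + NTP reflection
# plus a SYN flood) while .20 only sees ordinary HTTPS traffic. Byte counts are per second.
SAMPLE_FLOWS = [
    Flow(1000, "203.0.113.10", "udp", 53, 40000, 3_750_000_000),          # 30 Gb/s DNS amp
    Flow(1000, "203.0.113.10", "udp", 123, 40001, 1_250_000_000),         # 10 Gb/s NTP amp
    Flow(1000, "203.0.113.10", "tcp", 51234, 443, 1_000_000_000, "S"),    #  8 Gb/s SYN flood
    Flow(1000, "203.0.113.10", "tcp", 443, 52000, 12_500_000, "PA"),      # 0.1 Gb/s legit
    Flow(1000, "203.0.113.20", "tcp", 443, 52001, 12_500_000, "PA"),      # 0.1 Gb/s legit
    Flow(1001, "203.0.113.10", "udp", 53, 40000, 3_750_000_000),          # 30 Gb/s DNS amp
    Flow(1001, "203.0.113.10", "udp", 123, 40001, 2_500_000_000),         # 20 Gb/s NTP amp
    Flow(1001, "203.0.113.10", "tcp", 51235, 443, 1_000_000_000, "S"),    #  8 Gb/s SYN flood
    Flow(1001, "203.0.113.10", "tcp", 443, 52000, 12_500_000, "PA"),      # 0.1 Gb/s legit
    Flow(1001, "203.0.113.20", "tcp", 443, 52001, 12_500_000, "PA"),      # 0.1 Gb/s legit
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_FLOWS):
        print(finding)
```

The peak here is about 58 Gb/sec across three vectors, squarely inside the 20 to 300 Gb/sec band the post describes and well above a typical 10 Gb/sec uplink; that is the comparison that tells you whether on-premises gear can cope or whether the traffic has to be scrubbed upstream. An empty result for a destination named in the note is the evidence for fact 5: a threat that was never followed by an attack.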
Cybercrime is always evolving: be prepared
As with all cybercrime, these threats will likely continue to evolve. Attackers will refine both their messaging and techniques, making vigilance and preparation critical.
What to do if you’re targeted by an RDDoS attack
If you receive an RDDoS threat, here’s what you should do:
1. Don’t panic – and don’t pay
The FBI recommends against paying ransoms. Paying does not guarantee that the attack will stop, and it could mark your organization as a soft target, inviting further threats.
2. Contact the FBI
Reach out to your nearest FBI field office if you’re targeted. The information you provide could help prevent future attacks and identify the perpetrators.
3. Use a robust DDoS mitigation service
A DDoS mitigation service, like UltraDDoS Protect, can automatically detect and block attack traffic. If you’re already a Neustar Security Services customer, your infrastructure is protected—even against threats as large as 2 Tb/sec—thanks to our global data scrubbing network, which can handle over five times that volume.
Need help with DDoS protection?
If you’re concerned about your organization’s ability to withstand DDoS attacks, or simply want to consult with a security expert, don’t hesitate to request an email contact from one of our specialists.