Pay or Else — the Risk of Ransomware Distributed Denial of Service (DDoS) Attacks

January 2, 2025

It’s early on a Monday morning, and you sit down at your computer to begin your work day. You find a ransom note waiting in your email inbox. You check for signs that files have been encrypted or deleted but find none—everything is working properly. Upon closer inspection, you realize the note threatens that unless you pay a ransom demand, your business will experience large-scale distributed denial of service (DDoS) attacks, rendering your business website and internet applications inaccessible.

Over the last several years, ransom attacks, and by extension ransom demands, have become synonymous with cybercrime, thanks to a multitude of high-profile ransom attacks that have impacted businesses of all sizes and industries. However, these attacks don’t have to involve malware or encrypting critical business information or systems. In fact, some ransom attacks don’t even require direct access.

These DDoS-based ransom threats, known as Ransom Distributed Denial of Service (RDDoS) attacks, can be highly disruptive for businesses. And unlike malware-based ransomware attacks, RDDoS attacks require extensive infrastructure to absorb and mitigate.

How RDDoS differs from malware-based ransomware

Modern businesses’ online presence is their brand. They know that capturing and retaining customer attention and loyalty necessitates a high-performing, available digital infrastructure. This means RDDoS attacks are especially dangerous as they aim to disrupt that availability. By overwhelming a network or website with malicious traffic, attackers can render services inaccessible to legitimate users, causing direct financial losses due to downtime and impacting customer trust due to slow load times.

Extortion threats based on DDoS attacks have been around almost as long as DDoS attacks themselves. These initial RDDoS threats were few and far between; generally, a small DDoS attack would be followed by a protection offer from an “Internet security consultancy.” Over time, DDoS attacks became a mainstay of the cybercrime economy, becoming larger and more complex. Then, late in 2020, the number of RDDoS attacks surged, culminating in the U.S. Federal Bureau of Investigation (FBI) issuing a nationwide alert.

In addition to the sheer number of attacks, the current wave of RDDoS attacks has evolved from its earlier iterations in several key ways:

  • Attacks are global in scope. The newest wave of RDDoS attacks has targeted commercial organizations in North America, Asia and the Pacific, Europe, the Middle East, and Africa.
  • Attacks span multiple industries. After an initial wave aimed at financial services, attacks have hit companies in technology, business services, hospitality, travel, and retail. Vercara’s Security Operation Center (SOC) has mitigated attacks for a wide range of industries, including sports and gaming companies, large financial service providers, and even manufacturers.
  • New tools and techniques aid attackers. RDDoS attackers are incentivized to use new DDoS techniques and do more reconnaissance to make their DDoS attacks more effective and ensure that their target pays them.

Mitigation techniques differ greatly between RDDoS and malware-based ransomware attacks. Businesses can use various security tools to detect, quarantine, and remediate malware infections, but the same is not true for DDoS attacks. Mitigating a large-scale DDoS attack that follows a ransom note requires a dedicated, purpose-built third-party provider to take the brunt of that much malicious traffic for your business.

Organizations can consider implementing a robust DDoS protection solution capable of absorbing malicious traffic on their behalf and ensuring their digital infrastructure remains available and operational.

In short, your business needs to be prepared.

What to do if you get a ransom note

Finding a ransom note in your inbox is upsetting, but once the initial shock wears off, you can evaluate the severity of the risk to your business.

Most importantly, don’t panic

First and foremost, despite the threat, your business may not experience an attack, as not all threat actors follow through. The reality is that most DDoS attacks (about 75%) are small-scale, likely executed by DDoS-for-hire gangs or with open-source tools that don’t require significant infrastructure. Even if your business does experience an attack, with the right mitigation partner, you can successfully avoid any degradation of service.

Don’t pay

Many RDDoS extortion notes promise that paying the ransom will send the attackers away forever. Don’t believe it. You’ll simply prove to them that you’re willing and able to pay, which could well bring you additional threats in the future.

Contact your DDoS mitigation partner

Most businesses lack the infrastructure to absorb a large-scale DDoS attack or handle a stealthy carpet bomb DDoS attack. As soon as you receive a ransom note, contact your DDoS mitigation partner with the details and the actual ransom note, if possible. If you partner with an organization that specializes in detecting and mitigating DDoS attacks, they may have insights about the attacker based on either direct experience or industry reporting.

When you share the details of the threat, such as when it’s expected and how extensive it may be, your provider will be in a much stronger position to successfully mitigate it if it materializes.

Vercara customers should reach out and proactively on-ramp to our services so that, if an attack occurs, they are protected against even a large-scale DDoS attack.

Contact the authorities

Reach out to the FBI (in the U.S.) or the appropriate cybercrime authority in your country. The 2020 FBI alert about RDDoS attacks specifically recommends that an organization that receives a threat should contact the nearest FBI field office to report it.

How to prevent an RDDoS attack

The key to withstanding a DDoS extortion threat is being ready to withstand a DDoS attack. A carefully considered DDoS mitigation strategy is the most important single precaution your organization can take. After all, when you’re prepared for an attack, the threat of one is hollow.

Your mitigation strategy should involve assessing your risk, developing a strategy, and finding the right partner to help your business weather a potential attack.

1. Assessment and risk identification

You can’t protect what you can’t find. Start by identifying all infrastructure assets at risk from a DDoS attack. Evaluate your organization’s risk tolerance for each asset to determine the appropriate level of protection needed.

2. Establishing mitigation strategies

Based on your assessment, establish specific mitigation strategies and service options that will provide optimal network protection and meet your needs. For example, an eCommerce business will likely have a low tolerance for its web server going down due to a DDoS attack and would opt to protect it using a content delivery network (CDN) or web application firewall (WAF).

3. Partnering with external experts

Your DDoS mitigation strategy will almost certainly require an outside partner. DDoS attacks are continuously evolving and reaching new heights of intensity and duration; Vercara recently mitigated a 1.4 Tbps attack and 459.10 Mpps, surpassing previous records. It’s almost impossible to withstand such prolonged and intense attacks on your own.

4. Updating your strategy

Once you have a strategy and a partner in place, ensure your configurations are kept up to date with any changes in your network and security infrastructure. This includes setting thresholds and accounting for new networks, routers, and services.

5. Preemptive protection

If you receive an RDDoS threat, work with your DDoS mitigation partner to establish pre-emptive protection for the date and time in the ransom note, including monitoring the performance and availability of your assets and mitigating potential harm.

Even if you receive an RDDoS threat, your business can weather it successfully with the right DDoS mitigation partner.

Secure your digital infrastructure with Vercara DDoS Protection

You built your business from the ground up; you deserve the peace of mind that your online presence is secure against DDoS attacks. When you partner with a DDoS specialist with a purpose-built mitigation solution, you can face RDDoS attacks with complete confidence. The experts at Vercara offer comprehensive DDoS protection tailored to your business needs.

The broadest and most adaptable DDoS defense services

Vercara’s cloud-based DDoS mitigation services are anchored by a massive, global mitigation structure, ensuring that your business receives continuous protection from threats. UltraDDoS Protect scrubs malicious traffic away from your infrastructure, defusing the large, complex attacks that threaten your operational stability.

In the first half of 2024, Vercara prevented over 34,597 hours (or roughly four years) of customer downtime.

Check out our monthly DDoS Analysis report for more details on how Vercara can protect your business.

What’s more, our team of expert DDoS mitigation specialists is available 24/7. Our team is comprised of senior-level DDoS mitigation professionals schooled in best practices and supported by an extensive countermeasures library built over more than 20 years of experience.

To learn how Vercara’s suite of solutions can help defend your organization, contact our sales team.

Published On: January 2, 2025
Last Updated: February 13, 2025
