The Growing Threat of Ransom DDoS Attacks Requires Effective Prevention and Mitigation

The Growing Threat of Ransom DDoS Attacks Requires Effective Prevention and Mitigation

Essentially, ransom DDoS attacks are just DDoS with a ransom demand but a sudden increase in these attacks is no Bueno and bad for business.

The latest edition of the Directors Liability Survey, a study by global finex WTW and law firm Clyde & Co, reveals that cyber extortion is one of the leading concerns among company directors. Around 6 out of 10 of the company directors who participated in the survey anticipate significant or extremely significant cyber extortion risk. Cybercriminals have been emboldened to attack as they find that more people and organizations go online without the necessary precautions and cyber defenses.

Cyber extortion comes in different forms. However, they are all bound by the common goal of threatening an individual or organization with disruption, inconvenience, or reputational damage unless a ransom is paid. From ransomware to the use of online scandal videos to extort celebrities or well-known personalities, the threat of cyber extortion should not be downplayed. It is important to be ready for them with the knowledge and prevention tools.

Ransom DDoS (RDDoS) attacks

Many of those who are familiar with Distributed Denial of Service (DDoS) likely don’t know that these cyber attacks can be used for extortion. Instead of attacking a business or organization with the ultimate goal of disrupting their operations or keeping them offline, the perpetrators send a ransom demand for them to stop. The attackers usually seek payment in cryptocurrency to make the transaction unlikely to be trackable. Organizations tend to be forced to pay the ransom to avoid costly business disruptions and reputational damage. 

Essentially, ransom DDoS attacks are just DDoS with a ransom demand. The attackers flood a victim’s servers or networks with fake requests to overload them and result in downtime. They make it obvious to the victim that the attack will stop once the conditions are met, which are usually about the payment of the ransom. In some cases, the ransom can be a task like the accession to not publish or release certain information or the shelving of a product launch.

Ransom DDoS attacks are nothing new; they have been in existence since the 1990s. Notable examples of which are the 2014 and 2015 attacks of the cybercrime group DDoS for Bitcoin (DD4BC), the 2017 assault by the Phantom Squad, and the 2020 sophisticated RDDoS attack by multiple groups including REvil, Fancy Bear, Armada Collective, Lazarus Group, and Cozy Bear.

Most victims effectively mitigate RDDoS attacks. However, there are some, even institutions that are expected to have robust cyber defenses, that have difficulties addressing the problem. The New Zealand Stock Exchange, for example, suffered lingering trading suspensions in August 2021 because its web hosting provider was incessantly targeted.

More RDDoS Attack News

  1. DDoS Attacks Now Launched with Monero Ransom Notes
  2. Imperva mitigated a series of massive ransom DDoS attacks
  3. reports multimillion-dollar loss post-DDoS attacks
  4. REvil gang hits UK ITSPs with series of extortion-based DDoS attacks 
  5. Canadian firm hit by non-stop extortion-based DDoS attacks


Of course, no discussion about cyber extortion will be complete without the mention of ransomware. According to a survey by Microsoft, ransomware was the most significant cybersecurity issue in 2021. In 2022, it is set to remain the biggest cybersecurity threat for businesses.

Ransomware is without a doubt a major problem. There are reports that more than $600 million have been paid to ransomware perpetrators in 2021 with ransom payments ranging from $25,000 to over $100,000 per attack. These alarming numbers are expected to increase further in the years ahead, as it appears that prevention solutions have been largely ineffective and victims continue to pay the ransom demands.

Cybersecurity experts repeatedly advise organizations and individuals not to give in to ransom demands. However, this recommendation is largely unheeded. Many continue to pay the ransom because it is reportedly the “better” option compared to suffering heavy losses, because of the business operations disruption and reputational damage. Restoring normal operations at the soonest possible time is deemed more important than losing a few tens or hundreds of thousands.

However, it is important to make it clear that paying the ransom is not a guarantee that regular operations will immediately be restored. Case in point: Colonial Pipeline’s decision to pay $5 million to its ransomware perpetrator proved to be a bad decision. The company reportedly had to rely on its own data backups because of the haplessly slow data decryption process provided by the ransomware attacker.

Digitalized extortion

Aside from ransomware and ransom DDoS, the old concept of extortion but with aid of the internet and digital technology persists. There are those who threaten to release damaging photos, videos, or information about a person or organization unless they are paid a certain amount. Some impose conditions or tasks on a victim in exchange for the withholding of detrimental materials online. 

A couple of weeks ago, the FBI released a warning on the rising cases of cyber extortion incidents targeting teenage boys. There have been reports of “sextortion” targeting teenagers in different parts of the United States. One incident back in February had a tragic ending with the death of a 17-year-old who committed suicide because of cyber extortion.

Predators, opportunists, and other persons or groups with felonious intentions abound on the internet. They do not only attack businesses, government offices, or organizations. They can target individuals whenever they find the opportunity to do so. They can take advantage of different kinds of information or materials that can compel people to do their bidding.

Anybody can take their extortionist activities to the internet with the abundance of readily available resources for cybercriminals. Everything can be done through smartphones or cheap web-enabled devices. That’s why it is important for everyone to be prepared for the worst and anticipate the possibility of becoming the target of an extortion scheme.

Combating ransom attacks

As with the situation in dealing with other threats online, fighting the cyber extortion menace is easier said than done. The different precautions, prevention and control measures, and software tools do not warrant absolute protection. Still, it would help to do the following to minimize the risks of different kinds of cyber extortion:

  • Education – Knowledge is power against cybercrime. Getting acquainted with the different ways cyber extortion happens helps people and organizations avoid the attacks and mitigate the adverse consequences of successful attacks. For starters, the knowledge of being careful with the personal information and multimedia content shared online goes a long way in minimizing the possibility of becoming the target of extortionists. There are many resources online on how to educate or train employees to become agents against cybercrime. There are also cybersecurity institutes or providers of security training and assistance.
  • Having the right security measures and defensive tools – With the prevailing cyber threat landscape, it is virtually impossible to resist cyber extortion attacks without the right security protocols and tools. Dealing with DDoS, for instance, is not something an organization can effectively do manually. It is crucial to have the right defensive protocols and software tools or cloud-based security platforms, which are not difficult to find.
  • Creating secure backups – Data backups are a given for any organization with a good sense of disaster preparedness. However, having backups alone is not enough. These should also be adequately secured and configured to ensure the rapid restoration of regular options in case business data is corrupted, encrypted, or stolen.
  • Not paying the ransom – This may sound counterintuitive to people and organizations that are desperately trying to address a disruption or the possibility of getting inflicted with heavy reputational damage, but the refusal to pay ransoms is a must for everyone. Doing this may not have immediate benefits, but it contributes to the collective effort to make online extortion more difficult and less profitable for cybercriminals.

Prevention is preferred but…

Cyber extortion is a perennial problem that is impossible to eliminate completely. However, it is not absolutely invulnerable and totally overwhelming. There are ways to effectively combat cyber extortion in its initial phases.

Likewise, there are effective solutions to undertake mitigation efforts after an attack manages to penetrate defenses. What’s great about cybersecurity at present is that innovation and ingeniousness are not exclusive to cybercriminals. Security vendors and experts have also developed advanced innovative methods, tools, and platforms to address the problem of cyber extortion.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts