As Corero Network Security noted in its most recent report focused on Q2 and Q3 of 2017, ransom denial of service (RDoS) attacks made a significant comeback last year.
RDoS attacks enable cybercriminals to extort money from their targets. The threat actor will typically send a message to the victim demanding a ransom; according to a recent Kaspersky Lab report, this will often range from five to 200 bitcoins. If the victim refuses to issue payment, the attackers threaten to launch a DDoS attack on the victim’s online resources.
In June 2017, Armada Collective initiated a large-scale RDoS attack and demanded $315,000 from seven South Korean banks. Three months later, the hacker group Phantom Squad began targeting companies across the U.S., Europe, and Asia, demanding Bitcoin payment and threatening to execute large DDoS attacks on September 30 unless its demands were met.
“As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously,” Ashley Stephenson, CEO of Corero, said in an accompanying press statement. “Paying the ransom is rarely the best defence, as it just encourages these demands to spread like wildfire.”
Kaspersky Lab experts likewise warn companies not to pay any ransom demanded, as it will brand them “a payer” in hacking communities, and may make them more susceptible to future RDoS attacks.
Kaspersky Lab also noted that the RDoS method lets hackers threaten companies with a DDoS attack, hoping that they’ll pay, instead of actually launching an attack. If just one company pays up, the cybercriminals will have made a profit.
“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers,” said Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab, in a press release. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion. These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration.”