A visual demonstration of DDoS on a computer Screen

30 Bitcoins Please

Security researchers at Imperva stated that there is a major global Ransom Denial of Service (RDoS) campaign targeting thousands of large commercial organisations globally, specifically the financial services industry. Once attacked, the actors demand as much as 30 Bitcoins (approx. £225,000), with an additional 10 Bitcoins (approx. £85,000) for every day the ransom isn’t paid.

RDoS v DDoS

RDoS campaigns are motivated by extortion, whereas Distributed Denial of Service (DDoS) attacks in general need not be; either way, denial of service continues to be a challenge across the industry.

Who is doing this?

This type of RDoS activity is carried out by numerous groups. One operates in the name of ‘Lazarus’ and threatens to launch a DDoS attack against the customer’s entire network if a ransom is not paid within six days. Once the attack starts, the ransom increases daily.

DDoS remains one of the most sophisticated attacks to deal with where no prevention policy is in place, and DDoS attacks don’t always involve a ransom demand. But it looks like these attackers are playing on a company’s fear of the losses incurred by even the slightest downtime.

Should You Pay?

Paying might not be the best policy. Known cyber threat groups usually don’t announce their intention to attack, so there is a good chance the extortion email is a scam: the senders aren’t who they claim to be and don’t possess major DDoS capabilities. Even if they do, they may take the money and attack anyway, or you pay and end up on a list to be revisited.

How to Protect your Network.

First, get a good prevention policy in place. I find the best solution is a supplier of unicast and anycast mitigation technology, which introduces a many-to-many defence methodology to your network: attacks exploiting application and server vulnerabilities, hit-and-run events and large botnets are detected and mitigated automatically. The other benefit is a reaction time of less than one second; some suppliers offer 3-second SLAs.
There are other solutions and methods, but the major do’s are:

  • recognise DDoS attack activity. Large, high-volume DDoS attacks are not the only form of DDoS activity. Short-duration, low-volume attacks are commonly launched by hackers to stress test your network and find security vulnerabilities within your security perimeter.
  • understand your network traffic patterns, and look to DDoS attack protection solutions that identify DDoS attack traffic in real time.
  • find out if your ISP provides a DDoS protection solution, as a built-in service or an add-on. Make sure you have it in place before you are attacked; if you try to set this up during an attack, the ISP may not be able to do anything immediately.
  • don’t rely on IPS or firewalls. They can’t help.
  • document your DDoS resiliency plan. These resiliency plans should include the technical competencies, as well as a comprehensive plan that outlines how to continue business operations under the stress of a successful denial of service attack. An incident response team should establish and document methods of communication with the business, including key decision makers across all branches of the organisation, to ensure key stakeholders are notified and consulted accordingly.
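As an added illustration of the first two points (knowing your normal traffic pattern and recognising short low-volume bursts as well as sustained floods), the following Python script is example code written for this page, not code from the original post or from any vendor product. It learns a baseline request rate from constructed per-request records, flags seconds whose rate exceeds a robust threshold, and labels each anomalous run as a short hit-and-run burst or a sustained flood. The sample records, the source addresses, the threshold (median plus six times the median absolute deviation) and the 30-second sustained cut-off are all constructed assumptions to be tuned against your own baseline.

```python
"""Baseline-and-burst detector for DDoS-style traffic (added illustration).

All records below are constructed; the thresholds are assumptions.
"""
import statistics
from collections import Counter


def make_sample():
    """Constructed records of (timestamp_seconds, source_ip, bytes).

    0-59 s   quiet baseline, 4-6 requests/s from a spread of sources
    60-64 s  short hit-and-run probe: 40 requests/s from four sources
    65-119 s baseline again
    120-179 s sustained flood: 200 requests/s from 200 sources
    """
    records = []
    for t in list(range(0, 60)) + list(range(65, 120)):
        for i in range(4 + t % 3):
            records.append((t, f"10.0.{i}.{t % 20}", 500))
    for t in range(60, 65):
        for i in range(40):
            records.append((t, f"203.0.113.{i % 4}", 300))
    for t in range(120, 180):
        for i in range(200):
            records.append((t, f"198.51.100.{i % 250}", 1200))
    return records


def per_second_rates(records):
    """Requests per second, keyed by timestamp."""
    rates = Counter()
    for t, _src, _nbytes in records:
        rates[t] += 1
    return rates


def baseline(rates, learn_seconds):
    """Median and MAD of the rate over the learning window (robust to spikes)."""
    vals = [rates.get(t, 0) for t in range(learn_seconds)]
    med = statistics.median(vals)
    mad = statistics.median(abs(v - med) for v in vals) or 1.0
    return med, mad


def _event(records, rates, start, end, min_sustained):
    """Summarise one anomalous run [start, end) for the incident record."""
    duration = end - start
    sources = Counter(src for t, src, _ in records if start <= t < end)
    return {
        "start": start,
        "end": end,
        "duration_s": duration,
        "peak_rps": max(rates[t] for t in range(start, end)),
        "distinct_sources": len(sources),
        "top_sources": sources.most_common(3),
        "kind": "sustained_flood" if duration >= min_sustained else "short_burst_probe",
    }


def detect(records, learn_seconds=60, k=6, min_sustained=30):
    """Flag seconds above median + k*MAD and group consecutive ones into events."""
    rates = per_second_rates(records)
    med, mad = baseline(rates, learn_seconds)
    threshold = med + k * mad
    horizon = max(rates) + 1
    events, start = [], None
    for t in range(learn_seconds, horizon):
        anomalous = rates.get(t, 0) > threshold
        if anomalous and start is None:
            start = t
        elif not anomalous and start is not None:
            events.append(_event(records, rates, start, t, min_sustained))
            start = None
    if start is not None:  # run still open at end of data
        events.append(_event(records, rates, start, horizon, min_sustained))
    return events


if __name__ == "__main__":
    for ev in detect(make_sample()):
        print(ev)
```

The short burst is reported as its own event even though its volume is tiny next to the flood, which is the point of the first bullet: a probe that would be invisible to a bytes-per-second alarm still stands out against a learned baseline. The distinct-source count is what separates a few noisy hosts from a botnet-sized source set.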

These solutions vary in price, but they are a lot less expensive than falling prey to a DDoS attack and suffering downtime and/or paying a ransom that comes with no guarantees.


For an explanation of DDoS (what it is, the types and how to prevent them) read our article ‘Denial of Service Attacks and How to Deal With Them’.