In the past few months, Radware’s threat research center has issued several alerts about a global ransom DDoS campaign targeting finance, travel and e-commerce (read the threat alert and the campaign update). With the proliferation of DDoS-for-Hire tools (read the alert), economics favor the attackers, who can easily launch massive DDoS attacks to extort organizations that generate their revenues online.
The ransom fee is typically set between 1 to 10 BTC, depending on the organization’s revenue scale (10 BTC is equivalent to $113K). How is the ransom calculated? It’s not a random value; it represents the investment in proper defense against DDoS attacks.
It’s About the Provider
The question–to pay or not to pay–goes back to another question: who is your DDoS mitigation provider? If you are paying up to $1,000 per month to protect against DDoS attacks, you are paying it to a provider who assumes that you are rarely attacked and mainly looks for an “insurance-level” protection. If you are paying $10,000 per month (assuming your internet traffic is above 1Gbps), then your provider assumes you are constantly targeted by attackers.
So, what is the difference between the $1K provider and the $10K provider, and how is it relevant to the ransom DDoS campaign?
The $1K providers offer DDoS protection for companies that would rarely be attacked. Their infrastructure is designed for sporadic attack events, limited mitigation capacity and basic SOC. Why basic? Because when you handle infrequent attacks you cannot grow expertise on par with attack techniques and advancements.
The $10K providers offer DDoS protection for companies that are under constant attack, and their business is sensitive to service degradation or outages. Their infrastructure is designed for high volume attack mitigation and their SOC handles attacks on a daily basis – which makes them real experts in what they do.
To Pay or Not to Pay?
Now the answer is quite simple: if you have partnered with an experienced DDoS mitigation provider, you are safe to ignore the ransom letters. Furthermore, paying the ransom demand will only incentivize the malicious actors to continue their campaign.