Ransom DDoS, a Scenario Straight Out of Hollywood


If tomorrow your organization is targeted by a Ransom DDoS letter and you don’t take it seriously, I wouldn’t blame you. I admit the first time I came across a Ransom DDoS letter, I didn’t quite believe it. Something about the theatrics behind it seemed too extreme to be authentic. But once you start reading the details and realize they have your IP addresses and network information, you start to shiver slightly. The big question comes next: what should I do?

A ransom letter has a specific layout that is meant to achieve two things. The first is to make you realize the attackers are serious, sometimes backed by a short demonstration attack. The second is to give you the ransom payment details (see figure 1). Ultimately the goal is to scare you as much as possible.

Figure 1: A ransom letter sent to a large organization by the Lazarus Group (a notorious group of hackers)

The Easy Way Out

At this point, you are probably trying to decide whether or not to pay. The answer to that question is more complex than a simple no. As a large and successful organization, you have to consider all of the options. The price of the ransom might not be that high after all; it could seem worth paying to ensure the safety of your network. This approach puts business before everything else and is understandable.

When it comes to Ransom DDoS, the risks are different from those of a ransomware attack. Here there is no risk of a data leak that could impact customers’ privacy, and no information that can get lost.

The damage that a Ransom DDoS attack can cause is twofold: the loss of network availability and the loss of internal productivity. Both risks have the potential to do a lot of damage to any organization, whether internally or externally.

Let’s not forget that in many countries paying the ransom is illegal. In October 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) declared it illegal to pay a ransomware demand in some instances: it is illegal to facilitate payment to individuals, organizations, regimes and, in some cases, entire countries that are on the sanctions list, and some cybercrime groups meet those conditions.

The only REAL way out
After considering all options, the right one is inevitable. Make sure you are ready for what is coming. Once you have decided not to pay the ransom, an attack will probably come, and very soon. The organization that received the letter shown above refused to pay, and was hit shortly after with a massive DDoS attack that lasted almost 10 hours and reached 237 Gbps (see figure 2). The attack was highly sophisticated and included challenging attack vectors.

Figure 2: Massive DDoS Attack Following Unpaid Ransom

As powerful and sophisticated as this attack might have been, the client was not impacted at all. During the attack, its network was fully available to legitimate users and business continued as usual.

You may ask: how come? The answer is simple. By failing to prepare, you are preparing to fail. Cyber attacks were not a concern in Benjamin Franklin’s time, but without knowing it, he was right about the recommended approach to them.

The organization in question had a fully deployed hybrid DDoS protection solution: several devices installed on premise, combined with the option to divert all of its traffic, when under a volumetric attack, to Radware’s Cloud DDoS Protection Service with over 8 Tbps of mitigation capacity.

The minute they received the letter, they did not hesitate. They trusted the Radware DDoS protection solution they had in place to automatically detect and mitigate these attacks when they happen.
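The two paragraphs above describe the hybrid model: on-premise devices absorb what they can, and traffic is diverted to a cloud scrubbing service once a volumetric attack exceeds local capacity. The following is an added illustration, not Radware’s code and not a description of how its products decide to divert. It assumes a hypothetical on-premise scrubbing capacity of 40 Gbps, a diversion threshold of three consecutive over-capacity samples, and a hysteresis band so that a brief dip in attack traffic does not cause the controller to flap between diverted and local mitigation; the per-minute traffic samples are constructed, with the peak chosen to match the 237 Gbps attack mentioned above.

```python
"""Added example (not Radware's code): a toy diversion controller for a hybrid
DDoS defence. Capacity, thresholds and the traffic timeline are constructed
assumptions; a real deployment would drive BGP or DNS diversion from this signal."""
from dataclasses import dataclass, field

ON_PREM_CAPACITY_GBPS = 40.0    # assumed: what the on-premise devices can scrub
DIVERT_AFTER = 3                # consecutive over-capacity samples before diverting
RESTORE_AFTER = 12              # consecutive calm samples before restoring local handling
RESTORE_BELOW_FRACTION = 0.5    # hysteresis: only "calm" when well below capacity


@dataclass
class DiversionController:
    diverted: bool = False
    high_streak: int = 0
    calm_streak: int = 0
    events: list = field(default_factory=list)

    def observe(self, minute: int, gbps: float) -> bool:
        """Feed one ingress-rate sample; return True while traffic is diverted."""
        if gbps > ON_PREM_CAPACITY_GBPS:
            self.high_streak += 1
            self.calm_streak = 0
        elif gbps < RESTORE_BELOW_FRACTION * ON_PREM_CAPACITY_GBPS:
            self.calm_streak += 1
            self.high_streak = 0
        else:
            # Dead band between the two thresholds: neither escalate nor relax,
            # which is what stops a wobbling attack from toggling the state.
            self.high_streak = 0
            self.calm_streak = 0

        if not self.diverted and self.high_streak >= DIVERT_AFTER:
            self.diverted = True
            self.events.append((minute, "divert"))
        elif self.diverted and self.calm_streak >= RESTORE_AFTER:
            self.diverted = False
            self.events.append((minute, "restore"))
        return self.diverted


# Constructed per-minute ingress rates (Gbps): quiet baseline, ramp to a
# 237 Gbps peak, then a slow tail and a return to baseline.
CONSTRUCTED_TIMELINE = [2, 3, 2, 60, 150, 237, 230, 240, 220, 30,
                        10, 5, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2]


def simulate(samples):
    """Run the controller over a list of Gbps samples; return events and
    the number of minutes spent diverted."""
    ctl = DiversionController()
    minutes_diverted = sum(1 for m, g in enumerate(samples) if ctl.observe(m, g))
    return {"events": ctl.events, "minutes_diverted": minutes_diverted}


def run_constructed_timeline():
    return simulate(CONSTRUCTED_TIMELINE)


if __name__ == "__main__":
    result = run_constructed_timeline()
    for minute, action in result["events"]:
        print(f"minute {minute:2d}: {action}")
    print(f"minutes diverted: {result['minutes_diverted']}")
```

The point of the streak counters and the dead band is the failure mode that matters in practice: diverting on a single spike wastes the cloud capacity and adds latency for nothing, while restoring local handling the moment traffic dips invites repeated re-diversion as the attacker varies intensity. With the constructed timeline the controller diverts at minute 5 and restores at minute 21; a lone 500 Gbps sample on its own never triggers diversion.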

To pay or not to pay? That is not the question

When it comes to ransom DDoS attacks there is only one question you should ask yourself: are you prepared? Readiness is the only way to avoid being impacted by such an attack.  

Radware does offer help to organizations that are actively under attack through its emergency attack mitigation service, which gives non-Radware customers a one-time option to divert all their traffic to Radware’s Cloud DDoS Protection Service to mitigate the ongoing attack. But there is nothing like the certainty that you will be able to manage whatever comes your way.

With all the recent events, now is the time to check and make sure you have the DDoS protection necessary for when the day comes, because your business ultimately depends on it.


Eva Abergel

Eva is a Product Marketing Manager in Radware’s network security group. Her domain of expertise is data center protection, where she leads positioning, messaging and product launches. Prior to joining Radware, Eva led a Product Marketing and Sales Enablement team at Elmo Motion Control - a global robotics company - and worked as an engineer at Intel. Eva holds a B.Sc. degree in Mechatronics Engineering from Ariel University and an Entrepreneurship Development certificate from the York Entrepreneurship Development Institute of Canada.
