DDoS & Ransomware: A Dreadful Combination
Protecting your company from the rising attacks of DDoS & Ransomware
Ransomware payments more than doubled from 2020, reaching nearly $1.2 billion in payments from US financial institutions in 2021 alone.
Ransomware attacks are more frequent, more varied, and already incredibly costly to their victims. The total average cost of a ransomware attack in 2021 was $4.62 million, according to IBM’s Cost of a Data Breach Report. Tacking on a DDoS attack as well takes cyber extortion to the next level.
DDoS attacks – in which attackers overwhelm a targeted server, service, or network with malicious traffic from multiple connected systems – are among the oldest forms of cyberattack. In the early days they were used only by hacktivists to prove a point or for cyber vandalism, but DDoS has since evolved into a tool for cyber warfare and extortion.
A growing global network of unsecured connected devices has enabled cybercriminals to build more powerful botnet-driven DDoS attacks than ever, breaking records for traffic volume (see the 3.47Tbps DDoS attack).
DDoS can become part of the cyber extortion mix in several ways. Often, cybercriminals use the attack itself (or the threat of it) for extortion, disrupting an organization’s network and offering to relent for the right price – always a crypto payment. As an example, at Path Network we’ve seen a huge increase in service requests in 2021 coming from VoIP companies across the UK, USA, and Canada, where it seems a cybercriminal campaign was initiated against this industry. This method has a lower barrier to entry than coupling DDoS with encryption, since DDoS services are widely available on the Dark Web for as low as $20/month for unlimited access to 10Gbps of DDoS capacity.
Because companies keep getting better at preventing encryption-based ransomware attacks by investing in cyber security, especially e-mail security as the first line of defense, straight DDoS extortion could and will probably grow.
Smoke and Mirrors - DDoS attacks can be the perfect misdirection. That makes them a devastatingly efficient way to throw an organization’s incident response team off a hacker’s trail. While an organization scrambles to respond to a DDoS attack, quieter network activity may fly under the radar. This allows bad actors to establish a backdoor through which malware, such as ransomware, can be brought in and sensitive data can be accessed.
56 percent of respondents to a poll conducted by cybersecurity researchers at ITProPortal see evidence that DDoS is being used as a smokescreen. More than a quarter of respondents said that when they lost data from targeted attacks, DDoS was involved as a diversion.
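One way a response team can look past the flood, shown as an added example that is not part of the original article: given the start and end of a DDoS alert, compare each internal host's outbound volume during the attack with its own baseline from before it, and list the hosts worth triaging. The record format, addresses, timestamps and the 5x threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: per-minute outbound totals as "time,internal_host,bytes_out".
SAMPLE_FLOWS = """\
2024-01-10T09:00:00,10.0.0.5,1200
2024-01-10T09:01:00,10.0.0.5,1100
2024-01-10T09:02:00,10.0.0.5,1300
2024-01-10T09:00:00,10.0.0.9,900
2024-01-10T09:01:00,10.0.0.9,1000
2024-01-10T09:02:00,10.0.0.9,950
2024-01-10T09:12:00,10.0.0.5,1250
2024-01-10T09:13:00,10.0.0.5,1150
2024-01-10T09:12:00,10.0.0.9,48000
2024-01-10T09:13:00,10.0.0.9,52000
2024-01-10T09:14:00,10.0.0.23,3000
"""

def parse_flows(text):
    """Turn 'time,host,bytes' lines into (datetime, host, int) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, nbytes = line.split(",")
        rows.append((datetime.fromisoformat(ts), host, int(nbytes)))
    return rows

def quiet_outliers(flows, ddos_start, ddos_end, factor=5.0):
    """Return {host: (baseline_median, window_peak)} for hosts to triage."""
    baseline, window = defaultdict(list), defaultdict(list)
    for ts, host, nbytes in flows:
        if ts < ddos_start:
            baseline[host].append(nbytes)
        elif ts <= ddos_end:
            window[host].append(nbytes)
    flagged = {}
    for host, samples in window.items():
        peak = max(samples)
        if host not in baseline:
            # No history before the attack: first seen under cover of the DDoS.
            flagged[host] = (None, peak)
        elif peak > factor * median(baseline[host]):
            flagged[host] = (median(baseline[host]), peak)
    return flagged

if __name__ == "__main__":
    start, end = datetime(2024, 1, 10, 9, 10), datetime(2024, 1, 10, 9, 20)
    for host, (base, peak) in quiet_outliers(parse_flows(SAMPLE_FLOWS), start, end).items():
        print(host, "baseline:", base, "peak during DDoS:", peak)
```

Comparing each host against its own history keeps the check independent of the inbound flood, which is the traffic the attacker wants the team to watch.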
Last but not least, there’s the approach described by the FBI, in which ransomware gangs threaten (or directly launch) a DDoS attack to pressure victims during negotiations. In this so-called “triple extortion threat,” the attackers encrypt and often exfiltrate the organization’s data, and if the victim does not pay the ransom, they use a DDoS attack as additional persuasion.
The Bottom Line
Cybercriminals are always looking for more effective and, of course, more profitable attack vectors to pursue. Hybrid ransomware approaches that combine encryption of the victim’s data with DDoS are near the top of the list. By staying informed about these evolving threats and investing in technologies such as Path DDoS security to defend against them, you have a chance of protecting your company and potentially saving money that would otherwise be spent fighting the attacks afterward.