2016 and 2017 gave us deadly ransomware attacks like WannaCry and NotPetya. These attacks put ransom-type malware in the headlines across the world because of their destructive behavior and request for exorbitant amounts of money. These ransom attacks are evolving and hacking groups are utilizing another form of attack – Denial of Service (DoS) attacks. These attacks are less intrusive to individual systems but just as terrifying to organizations.
To understand what an RDDoS attack is, we need to know what a DDoS attack is. A Distributed Denial of Service attack refers to a targeted attack on an organization where thousands of requests are sent to a single server, essentially locking it up. An organization’s internet infrastructure can typically handle 10gb/s to 20gb/s of internet traffic. A DDoS attack is typically 30gb/s and upward, which overloads the servers so that actual users are unable to reach the site.
DDoS attacks are fairly common in today’s cyber-security landscape because they can easily be set up and wreak havoc. However, RDDoS attacks operate in a different manner.
Ransom Distributed Denial-of-Service attacks are highly targeted, and the company is picked because of its vulnerability to a website outage or resource downtime. An example would be Amazon, where the majority of its revenue comes through website use. If its website goes down or is unreachable to customers, for however long, the company could suffer irreparable revenue and reputation damage.
HOW IT WORKS
They work like this: after a company is targeted, attackers will execute a “demo” attack. An example of this is below. This demo attack shows the company that the attackers have the power to execute an attack on them and that they “aren’t messing around.” The attacker usually requests between 5 and 200 bitcoins, and if they aren’t paid within a certain timeframe, another attack will be executed that takes down the company’s website for an extended period.
Here's an example of an RDDoS ransom request:
IDEOLOGY
It takes some coding, but mainly a lot of fear-mongering, to get this kind of attack to work.
DDoS attacks can be executed by inexperienced hackers, which makes it hard to evaluate whether the attack was really just a demo or all the power they have. The attacker here is relying on the unknown to scare the company into paying a ransom. This is an extremely easy way for bad actors to capitalize on their botnets and get the ROI that they are looking for.
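As an added example (not from the original article), here is a small Python triage helper that summarises a suspected demo burst from per-minute inbound throughput, so responders can record its peak and duration against the capacity and attack figures quoted above. The function names, the median-based threshold, the 30-minute cutoff and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from statistics import median

# Figures from the article, in the article's own unit ("gb/s").
CAPACITY = 20.0      # upper end of what the infrastructure "can typically handle"
ATTACK_FLOOR = 30.0  # a DDoS attack is "typically 30gb/s and upward"

@dataclass
class Episode:
    start: int      # minute index of the first elevated sample
    minutes: int    # episode length in minutes
    peak: float     # highest sample in the episode
    saturated: int  # minutes above CAPACITY, when real users were likely locked out

def _summarise(samples, start, last):
    window = samples[start:last + 1]
    return Episode(start, len(window), max(window),
                   sum(1 for v in window if v > CAPACITY))

def find_episodes(samples, factor=3.0, max_dip=2):
    """Group per-minute inbound throughput samples into flood episodes.

    Assumed heuristic: a minute is elevated when it exceeds factor x the
    series median; dips of up to max_dip minutes do not split an episode.
    """
    threshold = factor * median(samples)
    episodes, start, last = [], None, None
    for i, value in enumerate(samples):
        if value > threshold:
            if start is None:
                start = i
            last = i
        elif start is not None and i - last > max_dip:
            episodes.append(_summarise(samples, start, last))
            start = None
    if start is not None:  # series ended while still elevated
        episodes.append(_summarise(samples, start, last))
    return episodes

def triage(ep, demo_max_minutes=30):
    """Label an episode for the incident log (labels and cutoff are assumed)."""
    if ep.peak < ATTACK_FLOOR:
        return "elevated"
    return "short-flood" if ep.minutes <= demo_max_minutes else "sustained-flood"

# Constructed sample: quiet baseline with one brief burst that dips mid-way.
SAMPLE = [4, 5, 4, 3, 5, 4, 18, 34, 36, 9, 35, 33, 12, 4, 5, 4, 3, 4, 5, 4]

if __name__ == "__main__":
    for ep in find_episodes(SAMPLE):
        print(ep, triage(ep))
```

The summary records what was observed; it cannot tell whether a short flood was the attacker's full capacity, which is the uncertainty the ransom demand relies on.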
The first line of defense is your employees and their proactive engagement in keeping your network safe. Training is an important part of recognizing these attacks quickly and preventing them. Knowledge is power!