DDoS as an element of extortion

Ransomware attacks on the rise

Distributed denial of service (DDoS) attacks have been a constant on the Internet for several years. Every now and then we hear about a record number of such attacks, and for most of 2020 and part of 2021 we saw a huge boom in their number. The situation “normalized” a little in May 2021, but since then the levels have remained the same, with some upward trend.

And why have they gained popularity since the pandemic? Well, as an unintended effect of the telecommuting boom. The potential impact of a DDoS attack on a business is much greater if its workforce is dispersed due to lockdowns and quarantines. Cybercriminals are aware of the enormous impact that an infrastructure shutdown can have in this context and have therefore decided to exploit it to the maximum. Using a DDoS attack as leverage to extort a ransom is called RDoS (Ransom Denial of Service).

RDoS: what is it?

This is actually nothing new: a little over a year ago we already wrote about DDoS attacks as an element of extortion, in which the attacker demands payment of a ransom to stop the attacks, and as we can read in ZDNet, this extortion technique grew considerably in 2021. Whether it is the back-end services of businesses of all sizes or training platforms, downtime due to DDoS attacks was on the agenda throughout the last year and, as the data shows, in many cases it was accompanied by a ransom demand, a pattern undoubtedly drawn from the great “success” of ransomware.

As we can read in this post, ransom DDoS attacks increased by almost a third year-over-year between 2020 and 2021, and jumped 175% in the last quarter of 2021 compared to the previous three months. This can be associated with the new mixed employment profile, combining face-to-face work and teleworking, with the delay of certain companies in returning to face-to-face mode, and with the increase in the volume of Internet purchases, also a consequence of the pandemic.

Last year, just over one in five DDoS attacks were accompanied by a ransom demand from the attacker, a figure that increased in December in the run-up to Christmas, a critical period for many online retailers, for whom it is the biggest sales month of the year. During this period, one in three organizations participating in the survey reported receiving a ransom letter linked to a DDoS attack.

Regarding their mode of operation, we can distinguish two main groups, depending on the sequence of their actions. The most common method is to launch the attack, demand a ransom, and if the victim does not meet the demands, continue and even increase the scale of the attack. Other cybercriminals, however, have opted for the opposite order: they first announce their intention to launch a DDoS attack, offering the possibility of preventing it by paying the ransom.

DDoS attacks are the evolution of classic DoS attacks, and are largely based on botnets which, on command, start generating unwanted traffic to one or more specific servers. We tend to think of them as simple attacks, but for years the perpetrators have been waging a war against CDNs, which, in certain circumstances, can also be victims. Not to mention cases where cybercriminals decide to combine two or more attack techniques, as we have already seen in the cases of DDoS on ransomware.

And how can you protect yourself from this type of threat? A few months ago we published an article by Daniel Heinze, Network Manager at IONOS, in which, based on his experience, he gave us a very interesting series of recommendations to fortify our infrastructure. A more than recommendable read, especially considering that the data for last year is a worrying sign. It suggests that, at least in the short to medium term, we will continue to see attacks of this type, and it is even possible that their frequency, quantity and virulence will intensify.