Ransomware Gangs Increasingly Using DDoS for Extortion Attacks

Ransomware operators have now come up with a new tactic of extortion, in which they are using threats of DDoS attacks to negotiate with victims. This tactic has the potential to become a trend. Recently, Travelex, a foreign exchange company, and several other organizations were targeted by such attacks. 

What happened?

In the recent attack on worldwide organizations, including Travelex, the attackers sent an extortion email threatening to launch a DDoS attack if they fail to pay up 20BTC (around $230,000).
  • The attackers threatened to increase the payment demand by 10 BTC for each passing day the firm does not pay the demanded ransom. However, Travelex did not pay any ransom to attackers.
  • Along with the extortion email, the attackers carried out a volumetric attack on a custom port of four IP addresses used by the company’s subdomains. After two days, another DNS amplification attack was launched.

In addition to this, the attackers claimed to have the ability to perform volumetric attacks that peak at 2Tbps.

Recent attacks

In the recent past, many other groups have been observed using similar tactics to extort the targeted organizations.
  • Recently, the operators behind SunCrypt ransomware attacked the targeted organization by encrypting their files and launched DDoS attacks to pressurize them into paying the ransom. Eventually, the firm was devastated by multiple attacks and paid the ransom.
  • Last month, a group of attackers was found targeting organizations with DDoS attacks. They asked for ransom from retail and financial organizations across the U.S., the U.K, and Asia Pacific.
  • In August, a cybercrime group had extorted finance, travel, and e-commerce organizations worldwide to pay thousands of dollars in Bitcoin. They threatened to launch DDoS attacks if they did not comply.

Conclusion

It is the need of the hour to come up with a better security strategy to respond to such extortion attacks. Experts suggest a proactive approach with strictly following best security measures such as taking backups, deploying network monitoring solutions, and training employees to detect anomalies.