Recently, more and more cybercriminals are combining ransomware and DDoS attacks to target victims.
Ransomware attacks are not going to decrease any time soon. Every day, new forms are discovered. In fact, the key to the success of these attacks is their simplicity. Ransomware simply locks systems and demands money to unlock them.
In recent years there has been a large increase in ransomware attacks. In 2016, a ransomware attack was detected every 40 seconds. An attack is now detected every 11 seconds or so.
DDoS attacks work similarly, at least as far as ransom is concerned. In many cases, cybercriminals carry out DDoS attacks and demand ransom from the victims in order to stop them and let the sites work properly. In 2015, a group called the Armada Collective launched DDoS attacks on three different Greek banks and demanded $7.2 million worth of bitcoin.
More recently, the Lazarus group attacked a large company (Fortune Global 500) and asked for 20 bitcoin. The hackers threatened to launch a larger DDoS attack and demand 30 bitcoins if the ransom was not paid. Research has shown that in recent years, 70% of organizations have experienced DDoS attacks whose perpetrators demanded ransom.
In addition, in recent years, ransomware gangs have used DDoS techniques as a distraction to hide the introduction of malware. These attacks usually last less than five minutes, but the criminal has time to install malware on the system.
Throughout 2020, experts observed ransomware gangs using DDoS attacks to intensify their campaigns. Several groups have been using this tactic lately.
The Avaddon group, for example, has used this tactic to force victims to negotiate. In one case, the victim did not pay attention to the ransomware attack, so Avaddon hit the victim's site with DDoS attacks. As the group noted on their website: “their sites are under DDoS attack, the attacks will continue until they contact us”.
In October 2020, a DDoS attack followed a ransomware attack by the SunCrypt group. According to the gang in its communications with the victim, the DDoS attack was a means to force them to return to the negotiating table.
There are several reasons why criminals combine ransomware and DDoS tactics. First, the combination exerts more pressure on victims who do not want to pay. Second, businesses are quite familiar with ransomware and are taking steps to protect themselves. A successful DDoS attack on a business backend could possibly stop recovery efforts. Meanwhile, carrying out a DDoS attack does not require much expertise, while at the same time causing additional problems for victims of ransomware attacks.
Finally, a common element of the two attacks is that they shut down victims' sites and systems. This is why so many victims are willing to pay a ransom so that they can return to their normal business activities.
Source: Infosecurity Magazine