In A Ransom DDoS Attack, It Doesn’t Pay To Pay

Cyberattacks have become so common that criminals don’t even have to launch one in order to get victims to pay up; all they have to do is threaten.

The distributed denial-of-service (DDoS) attack has made a massive resurgence in Q2, particularly Ransom DDoS, or RDoS. In an RDoS attack, cybercriminals threaten to launch a DDoS attack on a victim’s critically important online resources unless the victim pays up. The threat is often accompanied by a smaller-scale DDoS attack to demonstrate that the criminal means business.

Yet in the last quarter, security analysts found that hackers were counting on victims to be so scared by the idea of a DDoS attack that they would simply pay the ransom with little to no proof of the criminal’s intent or capabilities. That opened the door for a lot of rookie fraudsters who lacked the skills to deploy a full-scale DDoS attack, because so many companies would rather pay up and be safe than risk a distributed denial of service and be sorry.

“Nowadays, it’s not just experienced teams of hi-tech cybercriminals that can be Ransom DDoS-attackers,” said Kirill Ilganaev, head of Kaspersky DDoS Protection at Kaspersky Lab. “Any fraudster who doesn’t even have the technical knowledge or skill to organize a full-scale DDoS attack can purchase a demonstrative attack for the purpose of extortion. These people are mostly picking unsavvy companies that don’t protect their resources from DDoS in any way and therefore, can be easily convinced to pay ransom with a simple demonstration.”

According to Kaspersky, paying up isn’t necessarily choosing the “safe” side of the “safe or sorry” dichotomy, because a “payer” reputation can spread through criminal networks and open up the company to further attacks. And the next one could be launched by someone with the technical knowledge to really bring down a system.

Kaspersky’s Q2 2017 DDoS Intelligence Report, published Tuesday (Aug. 1), also showed an increase in long-lasting DDoS attacks, with the quarter’s longest attack lasting 277 hours, or more than 11 days. That’s a 131 percent increase over the previous quarter. And though the primary driver of DDoS attacks is money, there have been several large attacks carried out this year for other purposes.

Attacks targeted 86 countries in Q2, compared with 72 in the first quarter, with Italy and the Netherlands moving into the top 10 most-affected countries. China, South Korea, U.S., Hong Kong, U.K., Russia, Canada and France also made the top 10.

As cryptocurrency rates climbed, so did instances of criminals initiating DDoS attacks in attempts to manipulate prices. The bitcoin exchange Bitfinex went down at the same time IOTA token, a new cryptocurrency, launched in the market, and the BTC-E exchange reported being hit earlier in the quarter.

But all of that activity took place in the underground. In mainstream spheres, cybercriminals got more ambitious – and more political – in their choice of targets, taking down media giants such as Al Jazeera, Le Monde and Figaro newspaper websites during major political events (the Qatar crisis and the French elections).

In the U.S., the Federal Communications Commission (FCC) website gave out under a massive DDoS attack after the organization revealed its plans to abolish net neutrality. It is unclear whether the attack came from opponents of net neutrality flooding the system with identical comments, or from supporters of net neutrality who wished to prevent opponents from plastering the FCC site with fake comments.

Skype servers were also crashed by a DDoS attack this quarter, with users experiencing connectivity issues in multiple countries on Monday, June 19. A hacker group called CyberTeam publicly claimed responsibility for the outage on Twitter, but no one knows what they hoped to accomplish with the attack.