The FBI has advised organizations hit with a ransomware attack not to pay the ransom. Cybercriminals don't like that advice, so we're seeing a new tactic: they are combining ransomware with DDoS attacks, so that the infected machine is both the victim and the weapon. According to Invincea's blog post:
We recently found a ransomware variant that not only holds the victim's machine and data hostage until a ransom is paid, but also exploits the compromised machine as part of a potential DDoS attack. This means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim. Two attacks for the price of one.
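The defensive consequence of that description is that the infected endpoint now produces two signals at once: a burst of file modifications on the host, and an outbound packet flood toward a third party that the host would never send normally. The following is an added example (not code from the original post, from Invincea, or from the variant described) that correlates those two signals over constructed sample data. The flow-record layout, the file-event layout, the `.locked` extension and every threshold are assumptions chosen for illustration; a real deployment would take flow exports from a switch or firewall and rename events from an EDR or file-server audit log.

```python
"""Correlate ransomware indicators with outbound flood traffic per host.

Added example over constructed data. Assumptions (not from the original post):
  * FLOWS are aggregated flow records for ONE 60-second window:
    (window_start, src_ip, dst_ip, dst_port, packets, bytes)
  * FILE_EVENTS are file rename events from the same window:
    (timestamp, host_ip, path_before, path_after)
  * all thresholds below are illustrative, not tuned values
"""
import os
from collections import defaultdict

WINDOW_SECONDS = 60
FLOOD_PPS = 10_000          # assumed: outbound packets/sec no workstation emits legitimately
FLOOD_TOP_DST_SHARE = 0.8   # floods concentrate on a single victim address
FLOOD_MAX_AVG_BYTES = 120   # SYN/UDP-style floods use tiny packets (assumed)
RANSOM_MIN_RENAMES = 50     # assumed: extension changes per window before a host is suspect

# Constructed flow records (not real telemetry).
FLOWS = [
    # 10.0.0.5: 700k tiny packets in 60 s aimed at one host -> flood
    (0, "10.0.0.5", "203.0.113.10", 80, 400_000, 24_000_000),
    (0, "10.0.0.5", "203.0.113.10", 443, 300_000, 18_000_000),
    (0, "10.0.0.5", "198.51.100.20", 445, 5_000, 2_000_000),   # ordinary SMB traffic
    # 10.0.0.7: backup job, large packets, modest packet rate -> not a flood
    (0, "10.0.0.7", "198.51.100.30", 22, 100_000, 140_000_000),
    # 10.0.0.9: light browsing
    (0, "10.0.0.9", "203.0.113.10", 443, 800, 600_000),
]


def make_rename_burst(host, count, start=5.0):
    """Constructed burst of renames adding an assumed '.locked' suffix."""
    return [(start + i * 0.2, host, f"/srv/share/doc{i}.docx",
             f"/srv/share/doc{i}.docx.locked") for i in range(count)]


# Constructed file events: two hosts encrypting, one host doing normal work.
FILE_EVENTS = (
    make_rename_burst("10.0.0.5", 120)
    + make_rename_burst("10.0.0.9", 80)
    + [(10.0, "10.0.0.7", "/srv/backup/db.sql", "/srv/backup/db.sql.bak"),
       (12.0, "10.0.0.7", "/home/a/report.txt", "/home/a/report.txt")]
)


def outbound_flood_hosts(flows):
    """Return {src_ip: (pps, top_dst, top_share, avg_bytes)} for flood-like sources.

    A source is flagged when its packet rate is far above normal, almost all of
    those packets go to one destination, and the packets are tiny.
    """
    per_src = defaultdict(lambda: {"packets": 0, "bytes": 0, "by_dst": defaultdict(int)})
    for _start, src, dst, _port, packets, nbytes in flows:
        stats = per_src[src]
        stats["packets"] += packets
        stats["bytes"] += nbytes
        stats["by_dst"][dst] += packets   # aggregate across ports per victim IP

    flagged = {}
    for src, stats in per_src.items():
        if stats["packets"] == 0:
            continue
        pps = stats["packets"] / WINDOW_SECONDS
        top_dst, top_pkts = max(stats["by_dst"].items(), key=lambda kv: kv[1])
        share = top_pkts / stats["packets"]
        avg_bytes = stats["bytes"] / stats["packets"]
        if pps >= FLOOD_PPS and share >= FLOOD_TOP_DST_SHARE and avg_bytes <= FLOOD_MAX_AVG_BYTES:
            flagged[src] = (round(pps), top_dst, round(share, 3), round(avg_bytes, 1))
    return flagged


def ransomware_hosts(file_events):
    """Return {host: count} for hosts that changed the extension of many files."""
    counts = defaultdict(int)
    for _ts, host, before, after in file_events:
        if os.path.splitext(before)[1] != os.path.splitext(after)[1]:
            counts[host] += 1
    return {host: n for host, n in counts.items() if n >= RANSOM_MIN_RENAMES}


def double_victims(flows, file_events):
    """Hosts that are encrypting files AND flooding a third party: the 'two attacks' case."""
    floods = outbound_flood_hosts(flows)
    ransom = ransomware_hosts(file_events)
    return {h: {"flood": floods[h], "ext_changes": ransom[h]} for h in floods if h in ransom}


if __name__ == "__main__":
    for host, detail in double_victims(FLOWS, FILE_EVENTS).items():
        print(f"{host}: encrypting files ({detail['ext_changes']} renames) "
              f"and flooding {detail['flood'][1]} at {detail['flood'][0]} pps")
```

On the sample data only 10.0.0.5 trips both detectors; 10.0.0.9 is encrypting but not flooding, and the backup server 10.0.0.7 moves far more bytes than anyone but with large packets at a low rate, which is why the check looks at packet rate and packet size rather than bandwidth alone. The practical point is that the flood is often the first thing the network sees, before anyone reads the ransom note, so egress monitoring can shorten the time to containment for the ransomware side too.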
We know that ransomware attacks are on the rise; it’s a topic I have been covering all year. DDoS attacks are also on the increase. According to a Verisign DDoS Trends Report, DDoS attacks have jumped 75 percent since last year. eSecurity Planet added:
The average peak attack size in the second quarter was 17.37 Gbps, an increase of 214 percent over Q2 2015. Fully 75 percent of attacks peaked over 1 Gbps, and 32 percent exceeded 10 Gbps.
The article also quoted Nexusguard chief scientist Terrence Gareau, who said we should expect the increase to continue. That makes sense, especially if cybercriminals are doubling down on ransomware plus DDoS. And, as KnowBe4 reported, these attacks are pure extortion, made cheap by rentable attack services:
Copycats can now launch DDoS attacks for very little money, stated Imperva's DDoS Threat Landscape Report 2015-2016. The rapid growth of these services, also known as ‘stressers’ and ‘booters,’ accounted for an increase in the number of DDoS attacks from 63.8 percent in Q2 2015 to 93 percent in Q1 2016.
In an email comment, Craig Young, cybersecurity researcher for Tripwire, advised treating the ransomware-and-DDoS combination as you would any ransomware attack:
In my opinion, businesses are best to never pay DDoS extortionists and instead are better served saving that money for DDoS mitigation services from reputable firms. Since a DDoS involves flooding a target with junk messages until the communication lines are so full of junk that there is no room left for the legitimate messages, the solution often is to acquire really big communication lines and position servers all around the world, making it less likely that an adversary could overwhelm them.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.