Attackers Increasingly Turning to DDoS as a Ransom Vector

  • Nearly half (44%) of organizations have been targeted or fallen victim to a ransom-related distributed denial of service (RDDoS) attack in the past 12 months, according to a survey of 313 cybersecurity professionals by the Neustar International Security Council (NISC).

    Interestingly, during the same period, a lower proportion (41%) of organizations were targeted by a ransomware attack, suggesting cyber-criminals are increasingly using DDoS attacks as a means of extorting money from victims.

    Rodney Joffe, chairman of NISC, SVP and fellow, Neustar, explained: “Rather than spending a lot of time and careful planning on infecting an organization’s network with malware or ransomware, cyber-criminals are taking an easier approach and using DDoS as a ransom vector. For bad actors, launching a DDoS attack is relatively simple and also has the added benefit of being harder to trace back to its origin.”

    The research indicates that this is an effective ransom tactic; 70% of organizations hit by RDDoS were targeted multiple times, and 36% admitted they paid the ransom. This compares to 57% of those infected by ransomware being targeted on multiple occasions, with the same proportion (36%) choosing to pay the ransom.

    Neustar added that while RDDoS threats have traditionally targeted online industries, attackers are increasingly turning their attention to other sectors, including financial services, government and telecoms.

    Worryingly, less than a quarter (24%) of cybersecurity professionals said they were ‘very confident’ in their organization’s knowledge of how to respond to an RDDoS attack. The respondents listed ransomware (70%), DDoS (68%) and targeted hacking (66%) as the most increasing cyber-threats to their organization.

    Joffe commented, “It’s common for organizations to feel pressure to pay to get their website back up and running and avoid disruption. However, with attackers targeting the same company multiple times, paying the ransom only makes it more likely that you will fall victim again. Instead, businesses must take an ‘always on’ approach to DDoS security, ensuring that their site remains protected even in the event of an attack.”