New evidence suggests that there has been a significant increase in the number of ransom-related DDoS (RDDoS) attacks during the COVID-19 crisis.
A report by US tech firm Neustar found that RDDoS attacks rose by 154% across 2020. RDDoS attacks involve a threat actor attempting to extort money from an individual or organization by threatening them with disruption caused by a DDoS attack. Sometimes, the attack will come first, followed by a ransom note threatening further attacks if payment is not made.
Often, RDDoS attacks are employed instead of more traditional ransomware exploits because they are much easier to carry out. Building a ransomware campaign takes significant amounts of time and skill in order to ensure that sensitive files become encrypted solidly. RDDoS attacks are also much harder to trace, making them more difficult for law enforcement officials to pursue.
“Organizations should avoid paying these ransoms,” said Michael Kaczmarek, Vice President of Security Product Management at Neustar. “Instead, any attack should be reported to the nearest law enforcement field office, as the information may help identify the attackers and ultimately hold them accountable. Beyond this, organizations can prepare by setting up a robust DDoS mitigation strategy, including assessing the risks, evaluating available solutions, considering mitigation strategies and keeping their plan and provider up to date.”
In addition to the observed rise in RDDoS attacks, Neustar also highlighted a marked increase in the number of attacks on the Domain Name System itself. Worryingly, although three in five organizations admitted that they had been subject to a DNS attack in the last 12 months, more than 70% had reservations about their ability to respond to such an attack.
It is hardly surprising that ransom-related attacks have risen markedly in light of the coronavirus pandemic. With more individuals working remotely, digital safeguards are unlikely to be as robust as they would be in an office environment.