The COVID-19 pandemic forced businesses and organizations to switch to working from home, and attackers seized the opportunity to carry out distributed denial of service (DDoS) attacks on an unprecedented scale. These include a DDoS Extortion campaign known as Lazarus Bear Armada, carried out by a group of threat actors starting in mid-August 2020.
What is a DDoS Extortion attack?
Also known as Ransom DDoS (RDDoS), a DDoS Extortion attack occurs when cybercriminals threaten an individual or organization with a DDoS attack unless a ransom demand is met. The demands require payment in cryptocurrency so that the attackers cannot be traced by law enforcement.
DDoS Extortion attacks are not the same as ransomware attacks, in which malware encrypts an organization’s systems and databases, preventing legitimate owners and users from accessing them until the ransom is paid.
What are the signs of a DDoS Extortion attack?
The threat actors behind DDoS Extortion attacks use a number of methods. Some attacks start with a test DDoS attack against a specific element of an organization’s online service or application delivery infrastructure to demonstrate that the threat is real. This attack is immediately followed by a ransom note or email threatening a larger attack if payment is not made.
Other attacks begin with a ransom note or email outlining the threat to the business and stating the ransom amount, the form of payment, and a payment deadline before the attack is carried out. Attackers often claim that they are capable of a DDoS attack of up to 3Tbps if the demand is not met.
Attackers do not always follow through on the attacks they threaten, and some may not even have the capacity to do so. Organizations should therefore not be intimidated by bogus threats.
As with all DDoS attacks, a DDoS Extortion attack targets an application or service and overwhelms it with attack traffic, causing the service to slow down or crash completely.
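Because a test attack is the one sign that can be observed directly in telemetry, the following added example (not code from the original article) shows a small Python detector that parses web-server access-log lines, groups them into 10-second windows, and flags windows where the request rate jumps well above the earlier baseline while coming from many distinct source addresses, the pattern a distributed "test" flood leaves behind. The log lines, IP addresses, timestamps and thresholds are all constructed for illustration and are not data from the article.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median

# Apache/Nginx "common log format" line, e.g.
# 198.51.100.1 - - [20/Aug/2020:12:00:00 +0000] "GET / HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {ip, ts, req} for a well-formed log line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m.group("ip"),
            "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "req": m.group("req")}


def bucket(lines, window_s=10):
    """Group requests into fixed windows of window_s seconds, keyed by epoch start."""
    buckets = defaultdict(lambda: {"count": 0, "ips": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on junk input
        epoch = int(rec["ts"].timestamp())
        key = epoch - epoch % window_s
        buckets[key]["count"] += 1
        buckets[key]["ips"].add(rec["ip"])
    return dict(sorted(buckets.items()))


def find_bursts(lines, window_s=10, baseline_windows=5, rate_factor=10.0, min_unique_ips=50):
    """Flag windows whose request count is >= rate_factor x the baseline median
    AND which involve at least min_unique_ips distinct sources (i.e. distributed).
    The first baseline_windows windows are used only to establish the baseline."""
    buckets = bucket(lines, window_s)
    keys = list(buckets)
    baseline = [buckets[k]["count"] for k in keys[:baseline_windows]]
    if not baseline:
        return []
    base_rate = max(median(baseline), 1)  # never divide a baseline down to zero
    flagged = []
    for k in keys[baseline_windows:]:
        b = buckets[k]
        if b["count"] >= rate_factor * base_rate and len(b["ips"]) >= min_unique_ips:
            flagged.append({
                "window_start": datetime.fromtimestamp(k, timezone.utc).isoformat(),
                "requests": b["count"],
                "unique_ips": len(b["ips"]),
            })
    return flagged


def make_sample_log():
    """Constructed sample (hypothetical RFC 5737 addresses, not real traffic):
    60 s of light normal traffic, a 20 s flood from 200 distinct sources,
    then a 10 s spike from a single client that should NOT be flagged as distributed."""
    t0 = datetime(2020, 8, 20, 12, 0, 0, tzinfo=timezone.utc)

    def fmt(ts, ip, path):
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i in range(60):                      # baseline: one request every 3 s
        if i % 3 == 0:
            lines.append(fmt(t0 + timedelta(seconds=i), f"198.51.100.{i % 5 + 1}", "/"))
    n = 0
    for i in range(60, 80):                  # flood: 10 req/s, each from a new source
        for _ in range(10):
            lines.append(fmt(t0 + timedelta(seconds=i), f"203.0.113.{n % 254 + 1}", "/login"))
            n += 1
    for i in range(100, 110):                # single-source spike: 10 req/s from one IP
        for _ in range(10):
            lines.append(fmt(t0 + timedelta(seconds=i), "192.0.2.7", "/"))
    return lines


if __name__ == "__main__":
    for w in find_bursts(make_sample_log()):
        print(f"{w['window_start']}: {w['requests']} requests from {w['unique_ips']} sources")
```

On the constructed sample the detector reports exactly the two 10-second windows of the distributed flood; the later single-client spike exceeds the rate threshold but fails the distinct-source test and is left to a separate per-client rate rule. In production the baseline would come from historical traffic rather than the first few windows of the same file, and the thresholds would be tuned per service.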
Why are DDoS Extortion attacks dangerous?
Like any DDoS attack, a DDoS Extortion attack prevents legitimate network requests from getting through, which can disrupt operations, cost money, and damage the business’s reputation. Paying the ransom is not an option, as there is no guarantee that the attackers will not return with further demands in the future.
Except in cases where a test attack takes place first, it is difficult to know whether the threat is real. Attackers may claim to be affiliated with well-known attack groups reported in the media to lend weight to the threat. Because many security professionals have heard of major attacks by groups such as “Armada Collective”, invoking this name is believed to make the threat seem more severe and so pressure the target into paying. It is important to note that the threats can still be real.
Attackers usually conduct reconnaissance before issuing a threat, looking for weaknesses to exploit such as inadequately protected public-facing applications and services. Occasionally, attacks target the providers that carry the organization’s upstream traffic: by attacking the ISPs that provide Internet connectivity, attackers can significantly disrupt the targeted organizations.
The authorities recommend that institutions not pay the ransom, as there is no guarantee that further demands will not follow. Instead, strong DDoS mitigation measures should be put in place to prevent attackers from carrying out the threat. If the cybercriminals are unable to launch the attack because of these mitigations, the threat is essentially neutralized.