How ransomware actors are adding DDoS attacks to their arsenals


DDoS attacks increase the pressure on the victim to pay the ransom by adding another threat to combat, says NETSCOUT.


Ransomware attackers are always looking for new ways to persuade their targets to pay the ransom. The more stress that the criminals can inflict on their victims, the greater the odds that their demands will be met. One tactic increasingly being added to a traditional ransomware campaign is a DDoS attack. In a report released last week, cybersecurity firm NETSCOUT highlights this trend and offers some tips on how to better protect your organization.


In a DDoS (Distributed Denial of Service) assault, the attacker hits an organization’s website with a flood of concentrated web traffic over an extended period of time. The goal is to overwhelm the web server to the point that it’s unable to respond to requests from legitimate visitors.

In the latest tactic, cybercriminals who sell ransomware-as-a-service campaigns offer a DDoS attack as an extra service. “It’s a little bit ransom, a little bit DDoS extortion, and a lot of trouble,” NETSCOUT said.

Used this way, a DDoS attack shows that the cybercriminal is serious. Plus, it adds another stressful factor that the targeted organization must handle. By combining file encryption, data theft and DDoS assaults, the attacker is looking to ramp up the pressure on the victim to force them to pay the ransom amount.

Ransomware operators such as SunCrypt and Ragnar Locker were early users of the DDoS ploy, according to Bleeping Computer. Other groups that have adopted this strategy include Avaddon and Colonial Pipeline attacker DarkSide.

To protect your organization from ransomware attacks that employ a DDoS tactic, NETSCOUT offers the following recommendations:

  • Focus on the basics. Make sure you regularly and securely back up all your critical data. Then run tests of your data restoration process to ensure that you can recover the backed-up files. Conduct vulnerability assessments to look for weak points in your security. Patch and update your computer systems to avoid exploits of known vulnerabilities.
  • Avoid breaches of your network. Ransomware attacks start with breaches of your network. So the goal is to prevent such breaches in the first place. To do that, you need to make sure your users are educated about proper cybersecurity hygiene. You must also protect your network with the right endpoint security tools that can detect malware, suspicious or anomalous activity, and indicators of compromise (IoCs).
  • Take advantage of threat intelligence. Stay tuned in to the latest threat intelligence reports. Such information can help you detect, investigate, and look for IoCs that could be a prelude to a ransomware attack.
  • Implement the right DDoS protection. DDoS attacks have been growing in size, frequency and complexity. To combat them, you need a hybrid combination of cloud-based and on-premises DDoS mitigation tools.
