According to insight from Radware’s Emergency Response Team (ERT), the number of DDoS for Ransom attempts worldwide grew significantly during the last week. Most worrying, the ERT has discovered that many of the letters used to request the ransom are fake, yet companies are falling for the scam.
Radware is warning the financial sector to exercise caution when assessing the legitimacy of a threat, and to consider seeking expert advice to help gauge the threat level to their business.
Daniel Smith, one of Radware’s leading researchers and a former hacker, explains: “Distributed Denial of Service (DDoS) for Ransom attacks work by running a ‘sample’ attack on a company network while at the same time sending a note asking for payment, usually in bitcoin, by a certain date ‘or else’ they will hit the company with a much larger and more devastating attack. When companies pay up, the hackers take advantage of the situation by returning to extort again. It’s a simple game of squeezing more money once they know they have your attention.
“The most prolific DDoS groups – Lizard Squad, Armada Collective and DD4BC – have been caught and numerous arrests have been made over the past 12 months. After the last wave of these arrests in December, the global ransom landscape quietened down.
“But last week we saw an exponential rise in the number of DDoS for ransom letters being sent. The first wave of these letters promised an attack by a certain date if bitcoin was not paid. However, after that deadline passed, no attacks took place. We then saw a second wave of these ‘fake’ ransom notes going out to a new round of unsuspecting companies. When examining these notes, we quickly saw a clear difference between the legitimate and the fake ransom notes.
“The latter are being sent by opportunists who claim to be from groups like Lizard Squad, but actually have no official links, or intention of running an attack. They are hoping that their victim will pay up out of fear.”
Radware’s ERT is concerned that companies will be lulled into a false sense of security with this flood of fake ransom notes. Daniel adds: “It’s only a matter of time before we see a new group attempting to launch a DDoS for Ransom campaign. There’s therefore no guarantee that next time the company will be so lucky as to escape a full-blown attack. And of course, if that does happen, untold damage could be done to a company’s network and reputation.”
Radware has issued a guide to spotting a fake ransom letter and information on how to deal with a ransom attack generally.
How to detect a fake:
How to manage a suspected attack:
Companies can stay on top of the latest information and attacks happening around the world by visiting Radware's Threat Advisories and Reports website or by downloading the Radware app from the Apple Store.