Since the second half of 2020, a disturbing number of entities have received emails threatening a sustained DDoS attack unless a Bitcoin ransom is paid.
This was revealed in a blog post by Black Lotus Labs, the cyber threat intelligence division of Lumen Technologies. The blog shows an increase in cyberattacks during the second half of 2020.
The team has observed ransom-based DDoS (RDDoS) activity before, dating as far back as 2016, but the recent campaigns have been greater in number and duration. In addition, today’s cybercriminals often perform a limited attack to prove their capability and malicious intent.
The case studies featured in the blog include RDDoS attacks from an unknown group claiming to be well-established entities including Fancy Bear, The Armada Collective, and Lazarus Group. The blog also dives into attacks from another group calling itself The Kadyrovtsy.
“The increase in RDDoS attacks in 2020 couldn’t have come at a worse time,” said Mike Benjamin, Lumen’s head of Black Lotus Labs. “With so many businesses relying on their internet connectivity during the pandemic, these attacks had an even greater impact on their victims’ operations.”
Benjamin went on to explain his team’s philosophy on paying ransoms. “We recommend never paying the ransom demand, as that only serves as fuel for this illicit business model, and there are no guarantees the criminals will actually stop the attack. The best defense is to utilize a DDoS mitigation service, along with deploying applications across a highly distributed infrastructure.”