Gangs Launch DDoS Attacks To Push Victims Into Paying Ransom

Ransomware Groups Add DDoS To Their Arsenal To Pressurize Victims

Cybercriminals have perpetuated conducting fraudulent activities, but this time with another ransomware called SunCrypt. This new malicious software bars victims from accessing files by encrypting them. Apart from this, it renames all encrypted files and generates a ransom note. Recently, a cybercriminal group conducted a DDoS attack on a well-reputed Irish company, Glen Dimplex Home Appliances, when ransom negotiations ceased. Ultimately, the victim resumed negotiations and paid the ransom.

Threat actors are constantly adding new methods to push their victims into paying the ransom. As DDoS attacks reduce in cost, they pose a very efficient motivational tool for adversaries.

Distributed Denial-of-Service (DDoS) attacks

A DDoS attack takes place whenever cybercriminals transmit an abundant amount of malformed network traffic right to a target server. A cybercriminal can achieve this by using multiple methods, and one way is by using a botnet to send the traffic.

A botnet is a considerable number of victim computers or infected computers, commonly known as zombies, connected over the Internet.

These computers communicate with each other and are controllable from one single location. When a cybercriminal uses a botnet to execute the DDoS attack, they transmit instructions to some or every machine connected. As a result, it magnifies the size of the attack. It makes the attack originating from multiple networks and likely from many countries.


LIFARS provides an elite response for your organization following Ransomware or Cyber Extortion Incident.


The aim of DDoS attacks

DDoS attacks aim at websites and online services. The goal is to overwhelm them with more increased traffic than the network or server can handle. Therefore, making the targeted website or service inoperable.

The traffic may consist of incoming messages, fake packets, or requests for connections. Sometimes, the targeted victims receive threats of a DDoS attack or are attacked at a low level. The attack may compound with an extortion threat of a more destructive attack unless the company pays a cryptocurrency ransom. In 2015 and 2016, a criminal group, Armada Collective, repeatedly extorted web host providers, banks, and others in this way.

Recommendations and Mitigation Strategies

  • Build and maintain powerful partnerships with your upstream network service provider.
  • Also, remain aware of what assistance they may grant you in the event of a DDoS attack.
  • Consider also building relationships with companies that offer DDoS mitigation services.
  • Provide the attacking IP addresses to your upstream network service provider so they can place restrictions at their level.
  • Establish and periodically validate baseline traffic patterns, such as volume and type, for public-facing websites.

Future Trends

DDoS attacks increased by 84% in the first quarter of 2019. Based on 2017 data from the Cisco Visual Networking Index, DDoS attacks are bound to double to 14.5 million by 2022.

Final Remarks

As the business mode is shifted from physical to the digital world, so are the threats and vulnerabilities. The risks now exist in the digital space. Hence, it is vital to have cemented relationships with companies offering digital security.



Emerging threats in the digital space