Global ransom DDoS extortionists are retargeting companies

Threat actors asked for 10 bitcoins, or they will attack corporate networks

DDoS Attack on a screen

According to security researchers, a ransom DDoS campaign retargeting organizations around the world is underway.

In a cyber security alert by Radware, the first wave began in August, but DDoS extortionists targeted companies with a global ransom DDoS campaign for a second time during the last week of December and the first week of January.

The new extortion emails the cyber criminals sent started with: “Maybe you forgot us, but we didn’t forget you. We were busy working on more profitable projects, but now we are back.”

“We asked for 10 bitcoin to be paid at

According to Radware, companies that received this letter also received threats in August and September 2020. Security researchers’ analysis of this new wave of ransom letters suggested that the same threat actors from the middle of 2020 are behind these malicious communications.

When the DDoS extortion campaign started in August of 2020, a single Bitcoin was worth approximately $10,000. It’s now worth roughly $30,000. The attackers cited this in the latest round of ransom letters, and it represents the impact the rising price of Bitcoin is having on the threat landscape.

A few hours after receiving the message, organizations were hit by DDoS attacks that exceeded 200Gbps and lasted over nine hours without slowdown or interruption. A maximum attack size of 237Gbps was reached with a total duration of nearly 10 hours, the alert warned.

Pascal Geenens, director of threat intelligence at Radware, told IT Pro that DDoS extortion campaigns have traditionally been seasonal events. They would run annually for a few weeks and target specific industries or companies before the threat actor would typically give up. 

“This campaign represents a calculated shift from these tactics and DDoS extortion has now become an integral part of the threat landscape. This is a clear indicator that companies need to take DDoS extortion campaigns seriously,” Greenens said.

“Without DDoS protection, organizations are exposed and vulnerable to repeat attacks and there is no guarantee it will stop following payment. This type of cyber criminal is seeking financial gain and by knowing an organization has succumbed to the threat, it will lead them to retarget again in the future.”

Featured Resources

Consumer choice and the payment experience

A software provider's guide to getting, growing, and keeping customers

Download now

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Download now

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

Download now

How to increase cyber resilience within your organisation

Cyber resilience for dummies

Download now

Recommended

ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
CISOs aren’t leading by example when it comes to cyber security
cyber security

CISOs aren’t leading by example when it comes to cyber security

24 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
What is HTTP error 400 and how do you fix it?
Network & Internet

What is HTTP error 400 and how do you fix it?

16 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021