Date: 2021-09-08

The surge in ransomware attacks over the past 18 months has created havoc for organizations across numerous critical sectors, leading to enormous payments being made to cyber-criminal gangs. Ransomware operators have also rapidly evolved their tactics in this period, with trends like double-extortion ransomware attacks and ransomware-as-a-service becoming increasingly prominent. This means attacks are becoming more sophisticated and more complex for organizations to prevent.

Another trend being observed in this space is the rise of ransom-related distributed denial of service (RDDoS); essentially, a tactic that aims to extort victims by taking or threatening to take their systems offline through DDoS. This is often easier than, and can be just as effective as, encrypting an organization's systems and data.

Following recent research conducted by tech firm Neustar in this area, Infosecurity caught up with Rodney Joffe, chairman of Neustar International Security Council (NISC), SVP and fellow, to find out more about this technique and how organizations should respond to an attack of this nature.

In Neustar’s recent study, 44% of organizations reported being the target or victim of an RDDoS attack in the last 12 months, while fewer organizations (41%) were on the receiving end of a ransomware attack. Could you explain how RDDoS attacks work, and do Neustar’s findings demonstrate a shift in the tactics employed by ransomware attackers?

An RDDoS attack aims to knock an organization’s systems offline completely. While a ransomware attack encrypts a company’s system, an RDDoS attack doesn’t require the cyber-criminal to gain access to a business’s internal systems before it can be carried out. While there is technically no difference between a DDoS attack and an RDDoS attack, the element involving ransom means organizations are subject to extortion from criminals.

Additionally, launching a DDoS attack has become relatively simple. It has the added benefit of being harder to trace back to its origin, meaning cyber-criminals are turning to RDDoS attacks over ransomware as an evolutionary point from DDoS but also a migration from ransomware-based attacks.

Organizations that receive extortion threats are typically sent an additional demand letter that follows a rudimentary template format. In the letter, users are threatened with a DDoS attack unless the demands for payment — usually in the form of Bitcoin — are met.

How effective is this approach in infecting organizations with ransomware? What advice do you have for organizations to defend themselves against RDDoS?

Unfortunately, this approach is highly effective in infecting organizations with ransomware. While RDDoS in itself doesn’t include any ransom software, i.e., ransomware itself, cyber-criminals are instead extorting the organization with attack threats. Cyber-criminals are also combining RDDoS with additional tactics, installing encryption ransomware while systems are down and stealing data and threatening data leaks. These triple attacks are becoming increasingly common.