As the price of Bitcoin rises, the DDoS extortion gangs return to power
Extortion groups that send emails threatening businesses with DDoS attacks unless a ransom is paid are making a comeback, security company Radware warned today.
In a security warning sent to its customers and shared with ZDNet this week, Radware said that its customers got a new wave of DDoS ransom emails during the last week of 2020 and the first week of 2021.
Extortionists threatened businesses with crippling DDoS attacks unless they were paid between 5 and 10 bitcoins.
Radware said that some of the emails it saw were sent to a party that was involved during the summer of 2020, when extortionists threatened a variety of financial organizations around the world.
Companies that received communications from this group last summer have received fresh attacks over the winter, Radware said.
The security firm says that the spike in the Bitcoin-to-USD price has driven some groups to return to or re-prioritize DDoS extortion schemes.
But Radware said that the price spike in Bitcoin was so rapid and unpredictable that it took some groups by surprise. Extortionists have had to change and reduce their demands over time, from 10 BTC to 5 BTC, because the rise in the Bitcoin price since August 2020 may have made the ransom too high for some businesses to pay.
And just as in the summer of 2020, Radware said that these DDoS ransom gangs had the firepower to carry out their attacks.
Radware said that it saw several companies targeted by DDoS attacks after receiving ransom emails. Attacks usually lasted around nine hours and were around 200 Gbps, with one attack at 237 Gbps.
This revival in DDoS extortion tactics was also documented by Lumen’s Black Lotus Labs, which posted about the gangs' return last week.
The former CenturyLink division, now part of Lumen, said that these schemes had never completely ceased, although the incidence of these e-mail attacks had declined over the fall, relative to their prevalence over the summer.
Much as before, the DDoS ransom gangs have used the names of more prominent hacker groups in their emails, aiming to intimidate victims. Attackers used names including Fancy Bear, Cozy Bear, Lazarus Group, and Armada Collective.
But by the end of the year, Black Lotus Labs confirmed that some of these ransom emails had also been signed under the name of Kadyrovtsy, the name of an elite Chechen military organization that had also been affiliated with DDoS gangs and extortionists in the early 2010s.
Both Black Lotus Labs and Radware have suggested that businesses should not pay the ransom, as this essentially invites more extortion in the future. Companies are instead encouraged to seek extra protection against possible attacks from their security providers.