RDDoS Attack: What to Do if Hackers Demand a Ransom

DDoS attacks have evolved from simple disruptions into serious threats, with cybercriminals using them to demand ransoms and fill their cryptocurrency wallets. These attackers often operate like modern-day mafiosi, issuing threats and demanding payments. Pay up, or face two outcomes: either the attacks will start, or they simply won’t stop.

In this article, we’ll discuss what to do if you’re being blackmailed by a DDoS attack. We’ll also cover steps you can take to protect your company from these threats in the future.

What Is Ransom DDoS?

Ransom DDoS (RDDoS) is a form of extortion where criminals threaten to launch—or have already launched—a DDoS attack. Typically, the attackers contact their target via email, with two possible scenarios:

1. They have already begun the attack and demand a ransom to stop it.
2. They threaten to launch an attack unless a payment is made upfront.

In 2023, experts estimated that ransoms to halt DDoS attacks ranged from a few thousand to millions of dollars, depending on the size of the business and the importance of the targeted resources. Payments are usually requested in Bitcoin.

In the world of cybercrime, there are no guarantees. Just like in organized crime, paying the ransom doesn’t necessarily mean the attacks will stop. Hackers often exploit fear, sometimes conducting small-scale "warning" attacks before entering negotiations.

RDDoS: Notable Cases

Each year, more high-profile RDDoS attacks are reported. Cybercriminals are increasingly targeting large international companies, with major retailers, financial institutions, and tech giants being among their favorite victims.

Here are some notable examples:

• Google (2017):
  This was one of the largest DDoS incidents in history, with hackers demanding 200 BTC (over $2 million at the time). The attack lasted several days, peaking at a staggering 2.5 Tbps on Google’s network. Google refused to pay the ransom and successfully repelled the attack thanks to its strong internal defenses.
• New Zealand Stock Exchange (2020):
  In August 2020, the New Zealand Stock Exchange (NZX) experienced several massive DDoS attacks, forcing it to halt trading for several days. The hackers demanded a ransom and threatened continued attacks if they weren’t paid. The exchange had to enlist international cybersecurity experts to manage the situation.
• Amazon AWS (2020):
  Amazon’s cloud platform faced a peak attack capacity of 2.3 Tbps. Although hackers demanded a ransom, Amazon’s robust security tools prevented significant disruptions.
• Cloudflare (2021):
  As a leader in DDoS protection, Cloudflare has faced several RDDoS incidents. In 2021, hackers attempted to overwhelm their network with terabits of traffic per second, but Cloudflare’s defenses held strong, and no ransom was paid.

What Should You Do if You’re a Victim of RDDoS?

First and foremost, stay calm. Don’t rush into paying the ransom. Even if you do, there’s no guarantee that the attackers will stop, and they may demand even more later. Paying also encourages future criminal behavior.

Here are the steps you should take:

1. Contact a DDoS protection service provider immediately.
   These companies offer specialized tools to filter malicious traffic and minimize the impact of DDoS attacks. They can monitor traffic in real-time and block abnormal requests before they overwhelm your system. Most importantly, this protection can be activated even during an attack.
2. Report the incident to law enforcement.
   Registering the attack as a crime increases the chances of bringing the perpetrators to justice and may help prevent future incidents.
3. Conduct a security audit.
   An urgent review of your existing defenses will help identify vulnerabilities. The sooner you fix them, the better your chances of preventing future attacks.
4. Set up a Web Application Firewall (WAF).
   A WAF filters incoming traffic and blocks malicious requests before they reach your web resources. This not only protects you from DDoS threats but also shields you from other types of cyberattacks.
5. Use a Content Delivery Network (CDN).
   CDNs distribute incoming traffic across multiple servers, reducing the risk of overloading any single server during an attack.
6. Implement traffic monitoring.
   Regular monitoring helps detect early signs of a potential DDoS attack, allowing you to assess its severity and respond accordingly.
7. Create an incident response plan.
   An effective plan outlines the steps to take if a DDoS attack occurs. It includes coordination with your service providers and clear communication with customers. A well-prepared plan minimizes damage and speeds up recovery.
8. Train your employees.
   The human factor is often the weakest link in cybersecurity. Regular training on cyber hygiene can help reduce risks and prevent mistakes that could worsen an attack.

The Reality of RDDoS Attacks

It’s important to acknowledge that there’s no such thing as 100% protection from RDDoS attacks. Even with robust defenses in place, hackers may still threaten to attack. While many of these threats can be empty, responding to them can still consume valuable time and resources.

Remember that most extortion attacks begin with reconnaissance. Hackers will try to figure out what kind of protection their target is using. The best defense is to ensure that when intruders conduct their research, they find your systems are well-protected with specialized DDoS defenses. This reduces the likelihood that they’ll pursue you—and helps protect your peace of mind.

cta1