Oct 24, 2021
Chris Waynforth, Area Vice Pre...

Ransom attacks go beyond just ransomware

cyber
Ransomeware
attack
Chris Waynforth, Area Vice President at Imperva discusses research his company has done into ransomware and Denial-of-service (DDoS) based ransom attacks

Ransomware has been the hot topic in the security industry this year, propelled to the top of everyone’s agenda by a series of high profile attacks. Businesses are spending vast sums to protect against such attacks – but malware isn’t the only way that cyber-criminals can extract huge sums from their victims.

Ransomware works because modern businesses cannot function without access to important data, so hackers hold it hostage by worming their way in and encrypting it. But it’s access, not encryption, that’s the key element here and, as the latest Imperva research shows, it’s perhaps even easier to launch a Denial-of-service (DDoS) based ransom attack than it is to infect a network with ransomware.  

Ransom on the Rise

The volume and severity of DDoS attacks has risen sharply in the last year, with the number of attacks quadrupling since 2020. More than that, hackers are evolving their tactics to outfox security defences, with attack durations decreasing while the number of packets and volume of attacks continue to rise.

These new methods are particularly dangerous as legacy DDoS solutions are often configured to ignore this level of activity, but short, sharp, persistent attacks can quickly overwhelm hybrid cloud and on-premises solutions, allowing attackers to cause huge damage before backup cloud mitigation has a chance to kick in. By continually circling back to hit again, attackers can leave networks "punch drunk" and without the protection of mitigation services. By the time security teams notice the attack, it’s already been and gone, with no warning of when it’ll start up again.

Cyber-criminals are using these rapid-fire attacks to demonstrate their capabilities to businesses before sending extortion demands with the promise of much larger attacks to follow should payment fail to be made and no amount of ransomware solutions will provide protection against such threats.

Are you protected across the network?

Importantly, while DDoS attacks against websites and online services are often the most high-profile attacks, businesses have to consider their risk exposure across the whole network infrastructure. There’s a wide range of infrastructure elements that hackers can target, including routers, firewalls, IoT devices, load balancers and domain name servers (DNS). A successful DDoS attack against anyone of these can result in a damaging network outage. Nor are such outages limited to causing IT problems. Everything from call centres and customer service departments to order fulfilment centres can be massively disrupted.

And such attacks aren’t difficult to launch either. DDoS “stressors”, a.k.a. “DDoSers” or “Booters” which are ostensibly intended to enable companies to research and pressure test their networks, can also help cybercriminals map out how to best attack them. On top of this, search engines make it simple for hackers to collect information on a given organisations network ranges and networking services – information that businesses need to keep their IT systems working and accessible – making the chances of a successful attack that much higher.

Start from a point of resiliency

Ransom attacks aren’t going away, so it’s vital that organisations figure out how to combat this growing danger. The starting point for any strategy needs to be focused resiliency – how can you ensure that internal data and online services will always be available? Using this framing, there are two key considerations that need to be addressed. The first is that, since security teams have no idea when an attack will be launched or how long it will last, mitigation solutions need to be always-on with a response time of seconds, not minutes or hours.

Secondly, mitigation cannot come at the expense of legitimate traffic, whether that’s employees, customers, partners, or even good bots. Therefore, security teams need to have access to tools smart enough to be able to distinguish between trustworthy traffic that is essential to allow business to continue, and malicious traffic from bot operators.

Ransomware is a serious and growing threat but it is far from the only way that businesses can be subject to ransom demands. Our research has found that ransom-focused DDoS attacks are spiking and every organisation needs to be prepared. This means developing a plan that can provide genuine resiliency across the entire network and investing in solutions that can cope with the evolving tactics of hackers by being always on and able to respond in seconds when an attack begins.

Share article

You might also like these articles

Laura Berrill
Cloud & Cybersecurity
Garry Veale, UK&I Regional…
AI & Machine Learning