Are ransomware operators adding DDoS to the mix?


A new study by a firm called NetScout is suggesting that some ransomware-as-a-service operators are augmenting their cookbook with DDoS attacks.

TechRepublic reports today that security professionals have been seeing this trend pop up when networks are under attack.

Are ransomware attacks and DDoS attacks “two great tastes that taste great together?” Well…

Studies like these suggest that, to some cybercriminals, these two different kinds of threats are the perfect one-two punch. There is the data loss and liability surrounding the ransomware attack, and then there is the threat to real-time business represented by a DDoS attack, in which hackers use either real or synthetic user request volume to overwhelm a network’s operational servers by flooding them.

“The more stress that the criminals can inflict on their victims, the greater the odds that their demands will be met,” writes TechRepublic’s Lance Whitney. “(The DDoS component) adds another stressful factor that the targeted organization must handle. By combining file encryption, data theft and DDoS assaults, the attacker is looking to ramp up the pressure on the victim to force them to pay the ransom amount.”

So what do you do if you are the target of this type of scurrilous activity?

Network Administration Expert Tim Keary at Comparitech offers several key protections that networks can utilize against the threat of DDoS attacks, including security event managers and firewalls.

“DDoS attacks don’t cause any physical damage, they just block legitimate users from getting access to your site or service,” Keary writes. “Technical recovery is immediate because as soon as the fake connection requests stop, legitimate requests will get through. Reputation damage can take a long time to recover from.”

In general, a network’s resilience against DDoS attacks depends on how well its security algorithms can tell hostile traffic apart from legitimate traffic. For instance, systems that can isolate certain types of traffic originating from botnets have been somewhat effective against some forms of DDoS activity.

On the ransomware side, the key protective action is to keep good backups and create redundant systems, so that if data is locked down, the victim simply goes to a legitimate backup and the item being held for ransom is essentially worthless.

Without backups and redundancy, that same data set can be immensely valuable and create a real concern for the victim’s network operations.

Keep an eye on trends like this one to understand where companies are going with cybersecurity, because it can have an effect on related tech markets.