Old and Bold: DDoS Advancing the Gameplay of Ransomwares

Felissa Mariz D. Marasigan, Arabelle Mae F. Ebora

Verizon, MERALCO

Abstract:

In 2020, COVID-19 prompted a massive transformation in the cyber world, making dependence on the internet more visible than ever. This substantial worldwide shift to digital services and activities gave attackers more opportunities to target industries such as gaming, gambling, telecommunications, finance, education, health, power, and many more. Now, as the pandemic continues, cybercriminals are constantly innovating to make their attacks more effective than before. Prompted by the sudden increase in cyber traffic, cybercriminals established a triple extortion tactic utilizing DDoS. The triple extortion tactic is a ransom-related distributed denial of service (aka RDDoS) that aims to expand the ransom payout for the cybercriminals. Due to its effectiveness, ransomware payments have spiked by 171%, averaging about $310,000, and globally, the number of attacks has surged by 102%.

Previously, DDoS served as a ‘smokescreen’: a diversion while the criminals sneaked in to deploy the ransomware on the victim’s system. With no further malicious activity after that, the threat actors waited for the victims to pay the ransom in exchange for the alleged decryption key. Now, we will take a closer look at how DDoS became the ‘game changer’ of ransomware attacks, putting the cybercriminals at an advantage against their victims. This new ransomware scheme has been evident in the recent attacks deployed by the ransomware operators of SunCrypt, Ragnar Locker, Avaddon, Darkside, and the perpetrator of the Colonial Pipeline incident.

In this research, we will first identify the signs of an RDDoS extortion attack by examining the attack vectors observed in recent incidents, such as IPv4 protocols launching packet-flooding attacks and a demonstrative DDoS attack that targets a specific element of an organization’s online services/application delivery infrastructure to prove that the threat is real. Then, we will recognize the more sophisticated tactics, techniques and procedures that the threat actors developed after utilizing DDoS and that made this scheme more dangerous. Lastly, as it is clear that ransomware groups will continue to evolve and develop new tactics to compel victims to pay increasingly expensive demands, we will enumerate ways to deal with RDDoS threats proactively in order to mitigate risks before they happen.

Speakers

Arabelle Mae F. Ebora

Cyber Threat Intelligence Analyst
