Maninder Bharadwaj
Global Business Head – Cyber Security and Risk Management
Tech Mahindra

Never negotiate with or pay criminals, because once they are paid they keep coming back for more. It sounds like a line from a film or a TV show, doesn’t it? In business and cyber security, however, there are many variables to weigh when a ransom note arrives, not least brand reputation and service availability. Ransom DDoS attacks, which have reportedly been on the rise for several years, may be something your business needs to grapple with.

Ransom DDoS attacks continue to grow in number and sophistication

Cybercrime groups target businesses and threaten to launch a DDoS attack unless they are paid a cryptocurrency ransom. No organization is exempt: ransom DDoS attacks can affect businesses of all shapes and sizes.

Are ransom DDoS attacks here to stay?

COVID-19 has accelerated the move to hybrid IT infrastructure, so the attack surface to protect has grown and attackers are looking to exploit any weakness. Experts have also noted that a DDoS threat can be used as a decoy to draw security attention away from a larger intrusion taking place at the same time.

This method of attack is likely to continue, and with a wider attack surface available to criminals it may well increase in both frequency and sophistication.

What does an attack look like?

Usually, an attack starts when a business receives a ransom letter. The letter serves two purposes: first, to show that the attackers have already done their reconnaissance, typically by quoting details such as the target’s public IP addresses; and second, to state that they will launch an attack if a cryptocurrency ransom is not paid by a deadline. Ultimately, the attackers want to scare the business into paying.

At this point, the business has to decide whether to pay. The risks of ransom DDoS differ from those of ransomware: there is no data to be leaked or lost, so customer privacy is not directly at stake. It is still not an easy decision, and there are many factors to weigh, such as brand reputation and the loss of network availability, which affects both customer-facing services and staff productivity.

Be aware that paying a ransom can be illegal in some countries and regions. Attackers demand payment in cryptocurrency because it is harder to trace than a conventional bank transfer.

Common misconceptions about these types of attacks

The most common misconception about these attacks is that DDoS protection is already in place; many businesses simply do not realize they are unprotected until they face an attack.

Another misconception is that criminals only target high-profile organizations. In fact, a ransom DDoS campaign is technically simple to set up and can be financially rewarding, so every business should assess its risk and plan for all eventualities.

Can you prepare in advance?

The best response is to plan ahead and work with your security provider to understand what actions need to be taken to protect your infrastructure.

In one documented case, the business refused to pay and was attacked soon after the deadline passed. The threat was genuine: a large, sophisticated DDoS attack lasted 10 hours and peaked at 237 Gbps.[1]

The client was not impacted: the network remained available to legitimate users and the business continued to operate as normal. This was because the company already had a fully deployed hybrid DDoS protection setup, with several on-premises devices that diverted attack traffic to Radware’s Cloud DDoS Protection Service, which has over 8 Tbps of mitigation capacity.
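The hybrid architecture described above (on-premises devices that hand traffic off to a cloud scrubbing service once an attack outgrows local capacity) comes down to a diversion decision. The following Python is an added illustration, not Radware’s or Tech Mahindra’s code; the link and appliance capacities, the thresholds and the traffic profile are all assumed. It smooths per-second inbound rates, diverts to the cloud only after a sustained rise rather than a momentary spike, and applies hysteresis so a short lull in the middle of an attack does not swing traffic back on-premises.

```python
"""Sliding-window volumetric DDoS detector with hysteresis-based cloud diversion.

Added illustration, not Radware's or Tech Mahindra's code. It models the
decision an on-premises DDoS appliance makes in a hybrid deployment: mitigate
locally while inbound traffic fits on-prem capacity, divert to a cloud
scrubbing service once a sustained volumetric attack exceeds it, and return
only after traffic has stayed low for a while. All figures are assumed.
"""
from collections import deque
from dataclasses import dataclass
from typing import List, Optional, Tuple

GBPS = 1_000_000_000  # bits per second in one Gbps


@dataclass
class DiversionPolicy:
    # Assumed: the on-prem appliance can absorb up to 8 Gbps of attack traffic.
    onprem_capacity_bps: float = 8 * GBPS
    # Divert once the smoothed rate exceeds this fraction of on-prem capacity...
    divert_ratio: float = 0.8
    # ...and return only once it drops below this lower fraction (hysteresis).
    return_ratio: float = 0.4
    # Consecutive samples the condition must hold before acting.
    divert_hold: int = 3
    return_hold: int = 30
    window: int = 5  # samples in the moving average


class HybridMitigationController:
    def __init__(self, policy: DiversionPolicy):
        self.policy = policy
        self.samples = deque(maxlen=policy.window)
        self.diverted = False
        self._above = 0
        self._below = 0
        self.events: List[Tuple[int, str, float]] = []  # (tick, action, bps)

    def smoothed_rate(self) -> float:
        return sum(self.samples) / len(self.samples)

    def observe(self, tick: int, inbound_bps: float) -> str:
        """Feed one per-second inbound rate; return the current mitigation mode."""
        self.samples.append(inbound_bps)
        rate = self.smoothed_rate()
        cap = self.policy.onprem_capacity_bps
        if not self.diverted:
            self._above = self._above + 1 if rate > cap * self.policy.divert_ratio else 0
            if self._above >= self.policy.divert_hold:
                self.diverted, self._above = True, 0
                self.events.append((tick, "divert_to_cloud", rate))
        else:
            self._below = self._below + 1 if rate < cap * self.policy.return_ratio else 0
            if self._below >= self.policy.return_hold:
                self.diverted, self._below = False, 0
                self.events.append((tick, "return_to_onprem", rate))
        return "cloud" if self.diverted else "onprem"


def simulate(policy: Optional[DiversionPolicy] = None) -> List[Tuple[int, str, float]]:
    """Run a constructed traffic profile through the controller and return its events."""
    ctrl = HybridMitigationController(policy or DiversionPolicy())
    # Constructed per-second inbound rates (bps): normal load, a 2-second
    # burst that must NOT trigger diversion, a sustained attack peaking at
    # 237 Gbps, a 2-second lull that must NOT end diversion, more attack
    # traffic, and finally a return to baseline.
    profile = (
        [1.5 * GBPS] * 20
        + [9 * GBPS] * 2
        + [1.5 * GBPS] * 10
        + [50 * GBPS, 120 * GBPS, 200 * GBPS] + [237 * GBPS] * 60
        + [1.0 * GBPS] * 2
        + [237 * GBPS] * 20
        + [1.5 * GBPS] * 60
    )
    for tick, bps in enumerate(profile):
        ctrl.observe(tick, bps)
    return ctrl.events


if __name__ == "__main__":
    for tick, action, bps in simulate():
        print(f"t={tick:3d}s  {action:17s}  smoothed={bps / GBPS:.1f} Gbps")
```

With the assumed profile the controller diverts at second 34, three samples into the ramp, and returns at second 150, thirty seconds after the smoothed rate falls under the return threshold; neither the 9 Gbps burst nor the mid-attack lull changes the mode. In a real deployment the "divert" action would be a BGP announcement of the protected prefix via the scrubbing provider or a DNS change, and the thresholds would be set from the site's measured baseline and the appliance's tested capacity.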

How should businesses respond if they receive a letter?

If your business receives a ransom DDoS letter, whatever you decide to do about the demand, alert your security provider immediately.

Depending on how prepared the business is, you can decide on the best approach and the next steps. As attacks grow in volume and sophistication, in-house security teams sometimes lack the skills to implement a mitigation solution. Working with a managed service provider like Tech Mahindra, our cyber-security experts can work with your IT teams to identify what is required. The Cloudefender solution offers comprehensive cyber-security protection for both network and applications, regardless of whether the infrastructure is cloud-native, hybrid or data-center based.

Even if a business has not yet implemented an appropriate level of cover, in the event of an active attack Tech Mahindra can support customers via our partner Radware, whose emergency attack mitigation service provides a one-time option to divert traffic to Radware’s Cloud DDoS Protection Service to mitigate an ongoing attack.

The best approach is via preparation, so why not assess your security solution now for how protected you might be in the event of an attack?

About the Author:

Maninder Bharadwaj
Global Business Head – Cyber Security and Risk Management

Maninder is the Global Business Head for Cyber Security and Risk Management (CSRM) at Tech Mahindra. While responsible for the P&L of CSRM, he is focused on the growth of global CSRM in a holistic manner. He has over two decades of experience in cyber risk and risk advisory consulting, serving diverse clients located in Asia, the Americas and Europe. He has consulted in various industries including consumer business, life sciences, manufacturing, oil & gas and BFSI. Maninder has gained well-rounded management experience in the roles of Risk Advisory CTO, Risk Advisory Clients & Industries Leader, Practice COO, leader of large firm accounts and regional leader. He is passionate about strategy, innovation and product development.