To Pay or Not to Pay: It’s About the Provider

In the past few months, Radware’s threat research center has issued several alerts about a global ransom DDoS campaign targeting finance, travel and e-commerce (read the threat alert and the campaign update). With the proliferation of DDoS-for-Hire tools (read the alert), economics favor the attackers, who can easily launch massive DDoS attacks to extort organizations that generate their revenues online.

The ransom fee is typically set between 1 to 10 BTC, depending on the organization’s revenue scale (10 BTC is equivalent to $113K). How is the ransom calculated? It’s not a random value; it represents the investment in proper defense against DDoS attacks.

It’s About the Provider

The question–to pay or not to pay–goes back to another question: who is your DDoS mitigation provider? If you are paying up to $1,000 per month to protect against DDoS attacks, you are paying it to a provider who assumes that you are rarely attacked and mainly looks for an “insurance-level” protection. If you are paying $10,000 per month (assuming your internet traffic is above 1Gbps), then your provider assumes you are constantly targeted by attackers.

So, what is the difference between the $1K provider and the $10K provider, and how is it relevant to the ransom DDoS campaign?

[You may also like: Radware Threat Researchers Live: DDoS-For-Hire]

The $1K providers offer DDoS protection for companies that would rarely be attacked. Their infrastructure is designed for sporadic attack events, limited mitigation capacity and basic SOC. Why basic? Because when you handle infrequent attacks you cannot grow expertise on par with attack techniques and advancements.

The $10K providers offer DDoS protection for companies that are under constant attack, and their business is sensitive to service degradation or outages. Their infrastructure is designed for high volume attack mitigation and their SOC handles attacks on a daily basis – which makes them real experts in what they do.

[You may also like: How to Respond to a DDoS Ransom Note]

To Pay or Not to Pay?

Now the answer is quite simple: if you have partnered with an experienced DDoS mitigation provider, you are safe to ignore the ransom letters. Furthermore, paying the ransom demand will only incentivize the malicious actors to continue their campaign.

Download Radware’s “Hackers Almanac” to learn more.

Download Now

Ron Meyran

Ron Meyran leads the marketing activities, partner strategy and Go-to-Market plans for Radware’s alliance and application partners. He also works to develop joint solutions that add value proposition and help drive sales initiatives – designed to increase visibility and lead generation. Mr. Meyran is a security and SDN industry expert who represents Radware at various industry events and training sessions. His thought leadership and opinion pieces have been widely published in leading IT & security industry magazines and he holds a B.Sc. degree in Electrical Engineering from Ben-Gurion University and a MBA from Tel Aviv University.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center