Radware Alert: Fancy Lazarus DDoS Extortion Group is Back with New Campaign Focused on Unprotected Assets Across All Industries


MAHWAH, NJ June 14, 2021 06:00 AM

Radware Onboards Numerous Customers with Fancy Lazarus Ransom Letters in Recent Weeks

Radware® (NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, published a cybersecurity alert warning that Fancy Lazarus, a well-known distributed denial of service (DDoS) extortionist, has resurfaced with a new campaign focused on organizations with unprotected assets across all sizes of companies in all industries.

Less than a year ago, a Ransom DDoS threat actor posing as “Fancy Bear" and "Lazarus Group” was targeting specific industries such as finance, travel and e-commerce organizations and was blind to whether these organizations had DDoS protection or not. This earlier campaign turned out to be one of the most extensive and longest-running DDoS extortion campaigns in history.

Lately, Radware has identified an increase in emergency onboardings from new customers that have had DDoS ransomware threats. In recent weeks, Radware has been monitoring an increase of activity from a threat actor calling himself Fancy Lazarus targeting organizations with assets that were supposedly not adequately protected and inviting them to pay a ransom rather than endure devastating DDoS attacks.

In their letters, the extortionists give their victims seven days to buy the Bitcoin and pay the ransom before they start their DDoS attacks. Each day after the deadline passes without payment increases that fee. The ransom demand varies between targets and seems to be adjusted to a target’s reputation and size. The ransom demand is also less expansive compared to the huge demands of 10 and 20 bitcoin (currently, about $370,000 and $740,000 at time of writing) witnessed from last summer’s campaigns. Demands now generally vary between 0.5 Bitcoins ($18,500) and five Bitcoins ($185,000) and increase by the same amounts for every day the deadline is missed.

“This is the first time we are seeing the bad actors selectively target organizations and favor those with unprotected assets for their ransom letters,” said Pascal Geenens, Director of Threat Intelligence, Radware. “This implies that malicious actors are leveraging Border Gateway Protocol routing information to detect whether targets are protected by always-on cloud protection services. In addition, we’re seeing that ransom DDoS, which traditionally was an event limited in time with yearly spikes, is now becoming a persistent threat, and should be considered an integral part of the DDoS threat landscape.”

Reports from victims impacted by follow-through attacks of this extortion campaign confirm this observation. Most Internet Service Providers (ISP) and Cloud Service Provider (CSP) victims were equipped with DDoS mitigation services to protect their customers. However, it appears that not all of them were prepared for large, globally distributed attacks targeting their DNS servers or saturating their internet links. Very large and globally distributed DDoS attacks can only be effectively mitigated by stopping malicious traffic closest to its source and never allowing multiple geographically distributed traffic streams to flock. Only globally distributed and anycasted protection services are effective against these kinds of DDoS attacks.

Geenens added, “The recent uptick in criminal activity should be a strong reminder to enterprises, ISPs and CSPs of any size and industry to assess the protection of their essential services and internet connections and plan against globally distributed DDoS attacks aimed at saturating links. This is especially in the case of service providers and their DNS services. We believe hybrid DDoS solutions provide the best of both worlds with on-premises protection against all types of DDoS attacks while automatically diverting to a cloud DDoS Service when the attack risks saturating the internet link.”

About Radware

Radware® (NASDAQ: RDWR), is a global leader of cyber security and application delivery solutions for physical, cloud, and software defined data centers. Its award-winning solutions portfolio secures the digital experience by providing infrastructure, application, and corporate IT protection and availability services to enterprises globally. Radware’s solutions empower enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.

Radware encourages you to join our community and follow us on: FacebookLinkedIn, Radware Blog, Twitter, YouTube, and Radware Mobile for iOS and Android.

©2021 Radware Ltd. All rights reserved. Any Radware products and solutions mentioned in this press release are protected by trademarks, patents and pending patent applications of Radware in the U.S. and other countries. For more details please see: https://www.radware.com/LegalNotice/. All other trademarks and names are property of their respective owners.

Radware believes the information in this document is accurate in all material respects as of its publication date. However, the information is provided without any express, statutory, or implied warranties and is subject to change without notice.

The contents of any website or hyperlinks mentioned in this press release are for informational purposes and the contents thereof are not part of this press release.

Safe Harbor Statement

This press release includes “forward-looking statements” within the meaning of the Private Securities Litigation Reform Act of 1995. Any statements made herein that are not statements of historical fact, including statements about Radware’s plans, outlook, beliefs or opinions, are forward-looking statements. Generally, forward-looking statements may be identified by words such as “believes,” “expects,” “anticipates,” “intends,” “estimates,” “plans,” and similar expressions or future or conditional verbs such as “will,” “should,” “would,” “may” and “could.” For example, when we say that we provide solutions to increase the healthcare customers’ secure connections without impacting performance, we are using a forward-looking statement. Because such statements deal with future events, they are subject to various risks and uncertainties, and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware’s current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; natural disasters and public health crises, such as the coronavirus disease 2019 (COVID-19) pandemic; our ability to expand our operations effectively; timely availability and customer acceptance of our new and existing solutions; intense competition in the market for cyber security and application delivery solutions and in our industry in general and changes in the competitive landscape; outages, interruptions or delays in hosting services or our internal network system; our dependence on independent distributors to sell our products; undetected defects or errors in our products or a failure of our products to protect against malicious attacks; the availability of components and manufacturing capacity; the ability of vendors to provide our hardware platforms and components for our main accessories; intellectual property infringement claims made by third parties; our ability to attract, train and retain highly qualified personnel; and other factors and risks over which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, refer to Radware’s Annual Report on Form 20-F, filed with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia