Ransom DDoS Campaign: Circling Back


January 22, 2021 09:43 AM

During the last week of December, 2020 and the first week of January, 2021, Radware customers were targeted by DDoS extortionists for a second time by a global ransom DDoS campaign.

Download the Complete Alert

DDoS Extortions: Circling Back

During the last week of December, 2020 and the first week of January, 2021, Radware customers were targeted by DDoS extortionists for a second time by a global ransom DDoS campaign that initially started in August. Organizations received new letters that started with:

 
Maybe you forgot us, but we didn’t forget you. We were busy working on more profitable projects, but now we are back.”
 

Organizations that received this letter were companies that received threats in August and September of 2020. Analysis of this new wave of ransom letters suggests that the same threat actors from the middle of 2020 are behind these malicious communications.

  • Organizations that received these new letters did not respond/pay the ransom demand in the middle of 2020
  • Companies that received these new letters were not revealed to the media in August/September of 2020, so only the original threat actor would know these companies
  • Radware is confident that the same threat actors that initiated this campaign in 2020 are still active today.

The ransom letter continued:

 
We asked for 10 bitcoin to be paid at <bitcoin address> to avoid getting your whole network DDoSed. It’s a long time overdue and we did not receive payment. Why? What is wrong? Do you think you can mitigate our attacks? Do you think that it was a prank or that we will just give up? In any case, you are wrong.”
 

Bitcoin Surging

When the DDoS extortion campaign started in August of 2020, a single Bitcoin was worth approximately $10,000. At the time of publication of this alert, it is worth approximately $30,000. This was cited by attackers in this latest round of ransom letters and is representative of the impact the rising price of Bitcoin is having on the threat landscape.

 
We can easily shut you down completely, but considering your company size, it would probably cost you more one day without the Internet then what we are asking so we calculated and decided to try peacefully again. And we are not doing this for cyber vandalism, but to make money, so we are trying to be make it easier for both.”
 

Continue Reading...

Click here to download the full ERT Threat Alert.

Download the full threat alert Now

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia