Responding to DDoS Ransomware Demands & Attacks

South Korean financial institutions are bracing themselves for what may be an onslaught of distributed denial of service (DDoS) ransomware attacks in the next few days. That’s largely because last week a DDoS hacking group known as the Armada Collective launched a DDoS attack against a South Korean web hosting company Nayana. The company actually paid the ransom fee in Bitcoin dollars, the equivalent of about 1 million USD.

Fueling Ransomware Demands

It’s a case example of how one highly publicized event wherein the targeted victim succumbs to the demand causes the extortion game to spread like wildfire, inspiring other attackers to utilize the extortion technique. According to,

According to local media, seven banks have received emails that asked the organizations to pay ransoms of nearly $315,000 or suffer downtime via DDoS attacks…Nayana’s payment was the largest ransomware payment ever made and may have involuntarily put a giant bullseye on the backs of all South Korean businesses, now considered more willing to pay outrageous ransom demands to be left alone.”

In general, law enforcement agencies discourage companies from giving in to hackers’ demands. In this situation, the Financial Supervisory Service of South Korea has told local banks not to cave into threats by DDoS attackers.

Besides the financial loss that a company may experience by paying the ransom, companies must consider another risk: i.e., that they still will be subject to a DDoS attack by the hacker. After all, caving in to the hackers’ demands offers no guarantee that the attackers will keep their word.  Extortionists are not known for their moral code or integrity.

Stopping the Spread of Ransomware Demands

What if a hosting company like Nayana, or a financial institution, had adequate DDoS protection in place? Simply put, the hackers would not have any leverage, and the targeted company would not have to even think about paying any ransom. End of story.

Corero customers that have been faced with DDoS ransomware campaigns have allowed the threats to come and go without succumbing to the ransom requests. In some cases the attacks have been carried out due to “lack of payment,” with attackers launching a variety of attack techniques and methodologies, but the Corero SmartWall® Threat Defense system held strong, fending off any attacks. In other scenarios, DDoS attacks are first launched against the Corero customer, and ransom requests quickly follow, with the promise of ending the attacks after payment has been secured.

In either case, Corero customers have been successfully protected against these attacks with in-line, real-time DDoS protection. Attacks are detected and mitigated instantly, without disruption of good user traffic flow. Unfortunately, too many organizations operate reactively when it comes to DDoS defense, and only look to implement dedicated security solutions after a threat, or once attacks have occurred.

Weighing the Likelihood of a DDoS Attack

You may argue that it also costs money to purchase DDoS protection, therefore your company wants to take its chances. When weighing the costs and risks, a company may ask, what is the likelihood that our company will undergo a DDoS attack? The answer depends, of course, on your industry and your network attack surface. It is safe to say that some industries are more prone to DDoS attacks: for example, the financial service, web hosting and Internet service provider industries are just a few industries that are commonly targeted. However, DDoS attacks are so easy and inexpensive to launch that it is increasingly likely that any company could be attacked.

Companies have choices in the type of DDoS protection, and they must find a solution that is cost-effective for them. If a company experiences frequent DDoS attacks, then it makes little sense to rely solely on a cloud scrubbing service, because “swinging out” bad traffic can be expensive. It also can be less effective because that approach depends heavily on human security agents noticing DDoS traffic, and it takes more time for the traffic to be rerouted.

DDoS mitigation solutions have evolved, and become more affordable, for companies of all sizes. Small to midsize enterprises can purchase DDoS protection as a service from their hosting or Internet Service Provider. Large enterprises can do the same, or they can have an on-premises DDoS protection appliance to protect their network.

DDoS ransomware attacks are preventable, and an ounce of prevention is worth a pound of cure. Read more about DDoS ransomware here.

Leave a Reply