The old cliché that “history is cyclical” holds true in the world of security. Although the people may change and technology evolves, the motives and methods for perpetrating crimes remain fairly consistent.

As we initially chronicled in our 2015 Neustar DDoS Attacks & Protection Report, and most recently discussed in our 2017 edition, DDoS attacks are continuing their dangerous evolution into a weaponized instrument used to perpetrate ransomware and extortion attempts.

As a consequence, the world is beginning to take note.

A recent rash of DDoS extortion plots is hitting Europe particularly hard, and if these attempts are successful and history is proven right, we could be in for a series of summer stickups.

“I could see this kind of thing coming from a mile away,” said Barrett Lyon, Vice President of Research and Development at Neustar and pioneer in the DDoS solution industry. “Anytime you have a new, disruptive technology that can be weaponized and harnessed to make money, targets and treasure will soon follow,” Lyon added.

“This is why I created the [DDoS solution] industry in 2003 - customers were receiving threats saying if they didn’t pay a ransom, then they would be hit with a denial of service attack and taken offline.”

Fast-forward more than a decade, and Lyon’s premonition continues to come true.

Today’s DDoS attacks and DDoS extortion threats are indiscriminately targeting industries and companies across the globe. And that type of global reach has also changed the way that attackers are demanding payments. Instead of requesting U.S. dollars, attackers are demanding to be paid in Bitcoin because it leaves less of a digital footprint, making it harder for authorities to locate the perpetrators.

And like any other crime, if a heist has been proven to be successful, then it only serves to embolden the attacker – and copycats who are also following along.

After the moderate success of the WannaCry ransomware attack in May, groups posing as the “Wanna Cry team” began sending very amateurish DDoS extortion notes to organizations, resembling the thread below:

##########################

From: wannacry2@mail2tor

Date: 17 May 2017 at 11:09:14 PM IST

To: info@XXXXXXXXX

Cc: admin@XXXXXXXXX

Subject: ransom

hi,, we represent wanna cry ransomware and we will put your site under attack through massive botnet under our control,, we will put it under attack effective 4 pm thursday indian time. We will take it down properly but we will interrupt it to annoy your users unless you decide to pay us 2 Bitcoins. You have time till tomorrow 9 pm indian time to decide after which we will unleash our botnet on your site and then the ransom will increase by 1 Bitcoin daily as long as you decide to delay and waste our time.

##########################

With the recent outbreak of the “Petya/NotPetya” ransomware attack, we would expect to see similar threads emerge in the next few days.

To be clear, the threatening email is NOT “ransomware,” it’s a DDoS extortion attempt, and there is something you can do about it.

Here are some options if you suddenly receive a DDoS ransom note:

1. Pay the Ransom (not recommended)

Even if the payment goes to the party that is actually responsible (and yes, there are many who have nothing to do with the attack, but solicit ransom from companies in the news), there are no guarantees that prompt payment will actually stop the alleged attack. Worse, if you do pay, there’s likely to be another team or individual out there who took note and sees that you are an easy mark – get ready for Round 2.

2. Do Nothing (also not recommended)

This is an inherently risky proposition. On one hand, a number of DDoS for ransom threats have been just that – threats designed to scare companies into paying. But on the other hand, some threats have been carried out with devastating consequences for the businesses that didn’t comply with payment demands.

3. Invest in Resilience (recommended)

View yourself as a target and conduct honest assessments to identify and eradicate vulnerabilities that attract attackers. The problem with ransomware, malware, and DDoS attacks is that they can be never-ending for organizations that focus on defense instead of resilience. Defense is checking a box. Resilience is frustrating and discouraging attackers so they move on to easier prey.

As a leading provider of security services and solutions, including top-tier DDoS mitigation, DNS, and IP intelligence, Neustar is on the front-line in the fight against those who seek to disrupt your online business and compromise assets. Neustar can help you get out in front of trouble – and keep you there.