A group that calls itself Phantom Squad has launched an email-based ransom DDoS (RDoS) extortion campaign against thousands of companies across the globe in the past week. The group is threatening to launch DDoS attacks on its targets on September 30 unless each victim pays about $700 in bitcoin. Fortunately, it appears this is only a group of extortionists making idle threats. Security experts predict that this group’s bark is worse than its bite; i.e., they doubt that Phantom Squad has the technical power to actually launch multiple DDoS attacks on various targets. Unfortunately, there are hackers out there who do real damage by installing ransomware and launching a DDoS attack, and such attacks are becoming all too common.
DDoS and ransomware attacks often go hand in hand, and they can take two forms: 1) a threat of DDoS unless the victim pays the extortion fee or 2) a DDoS attack that precedes the ransomware installation. In most cases, it is the latter. A short, sub-saturating DDoS attack, which usually lasts less than five minutes, can serve as a smokescreen that distracts IT security staff from a more dangerous infiltration of the network. While IT staff scramble to troubleshoot “noise” on the network, hackers can find pathways and test for vulnerabilities within the network that can later be exploited through other techniques. They can subtly take down a firewall and install malware that may “sleep” on the network until it is remotely activated. Also, some low-threshold DDoS attacks go completely unnoticed by IT security staff.
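
One way to surface the short, sub-saturating bursts described above, as an added example that is not part of the original article: it flags traffic spikes of five minutes or less that rise well above a rolling baseline yet stay below link saturation, which is the pattern a saturation-only alarm misses. The per-minute samples, the 1000 Mbps link capacity, and all threshold values are constructed assumptions.

```python
from collections import deque
from statistics import median

# Constructed per-minute inbound samples (minute index, Mbps) for a
# hypothetical 1000 Mbps link; not data from the article.
SAMPLES = list(enumerate(
    [40, 42, 38, 41, 39, 43, 40, 41,       # normal traffic (baseline)
     310, 355, 330,                        # 3-minute spike, far below capacity
     42, 40, 39, 41, 43, 40, 38, 41, 40,   # back to normal
     980, 990, 985, 990, 988, 992, 985,    # 7-minute saturating flood
     41, 40]))


def find_short_bursts(samples, capacity_mbps, factor=3.0, saturation=0.8,
                      max_minutes=5, window=8):
    """Return (start_minute, end_minute, peak_mbps) for each spike that is
    short, well above the rolling baseline, and below link saturation.
    All thresholds are assumed defaults and need tuning per network."""
    baseline = deque(maxlen=window)  # recent samples judged normal
    run = []                         # samples in the spike being tracked
    bursts = []

    def close_run():
        # Keep the spike only if it was brief and never neared saturation;
        # long or saturating floods are what conventional alarms already catch.
        if run:
            peak = max(v for _, v in run)
            if len(run) <= max_minutes and peak < saturation * capacity_mbps:
                bursts.append((run[0][0], run[-1][0], peak))
            run.clear()

    for minute, mbps in samples:
        if len(baseline) < window:
            baseline.append(mbps)    # still learning what normal looks like
        elif mbps > factor * median(baseline):
            run.append((minute, mbps))   # elevated: extend the current spike
        else:
            close_run()
            baseline.append(mbps)    # spike samples never enter the baseline
    close_run()
    return bursts


if __name__ == "__main__":
    for start, end, peak in find_short_bursts(SAMPLES, capacity_mbps=1000):
        print(f"short sub-saturating burst: minutes {start}-{end}, peak {peak} Mbps")
```

A flagged window marks the period in which to review firewall state changes and new inbound sessions, since the burst itself may be the distraction rather than the objective.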