There have been reports of a new global ransom distributed denial of service (DDoS)-related campaign targeting organisations. The targeted entities include organisations in the finance, travel and e-commerce industries.
Targeted organisations may receive an extortion email from threat actors that demand a ransom fee, and threaten to launch a DDoS attack on the organisation's services or infrastructure if the ransom was not paid. The threat actors may also conduct small-sized demo attacks to prove that the extortion is not a hoax. It has also been observed that ransom demands have gone up from 1 BTC or 2 BTC in 2019, to between 10 BTC to 20 BTC in some reports.
Organisations are responsible to secure their own infrastructure, and need to adopt the necessary precautionary measures to protect themselves from falling victim to such attacks. Some of these measures include:
• Identifying the Internet-facing systems (such as website, web application and domain name system (DNS)), and making sure that these are adequately protected
• Considering engaging a DDoS protection service provider, to identify and block such attacks automatically before the services or infrastructure are affected
• Ensuring that systems, software and applications are promptly updated to the latest versions
• Promoting awareness among employees to always practise good cyber hygiene measures
• Maintaining an offline back-up of the important data that is needed to keep operations running, and developing an incident response plan to deal with such contingencies
If you are a victim or have noticed symptoms of a DDoS attack on your organisation’s systems, contact your Internet Service Provider (ISP) or hosting provider. They may be able to advise you on an appropriate course of action. Do also report any ransom DDoS attacks to SingCERT to provide information that could help prevent attacks against other targets.
For more information, refer to: