Avaddon ransomware operators are now using DDoS attacks as a negotiation tactic to force victims into paying. This kind of attack is termed a Ransom DDoS (RDDoS) attack, and it has already been used by a few ransomware operators, including Ragnar Locker and SunCrypt.
When a victim does not contact them after the attack, this tactic proves to be useful for the threat actor.
Insights –
After encrypting the files on the victim’s network, the attackers put additional pressure on the victim to pay the ransom by flooding the victim’s website or network connection with large volumes of requests.
- A message was posted on the victim’s website claiming that the attackers will continue the DDoS attack until the victim makes contact or pays the ransom.
- A wide range of file types, including images, videos, spreadsheets, documents, audio files, databases, and archives, are affected after the infection.
- Additionally, Avaddon encrypts important data and renames each infected file with the .avdn extension.
- Various infection vectors, such as corrupted advertisements, spam emails, fake social media posts/pages, or fraudulent software updates can be used to spread the ransomware.
DDoS Attacks in Recent Times –
- Recently, a DDoS campaign was found that targeted victims twice after they failed to pay the initial ransom.
- In late 2020, a major Fortune Global 500 organization was targeted by the Lazarus Group.
This RDDoS tactic has proved effective for cybercriminals because it puts pressure on the organization to pay the ransom quickly. Consequently, our internal experts suggest taking a proactive approach: backing up important data, using strong passwords, updating every network device, and training employees to identify phishing emails.
To read more, please check eScan Blog