How to spot a fake DDoS ransom attack

The number of DDoS for ransom attempts worldwide grew significantly during the last week.

Radware researcher and a former hacker Daniel Smith explains: “Distributed Denial of Service (DDoS) for Ransom attacks work by running a ‘sample’ attack on a company network while at the same time sending a note asking for payment, usually in bitcoin, by a certain date ‘or else’ they will hit the company with a much larger and more devastating attack. When companies pay up, the hackers take advantage of the situation by returning to extort again. It’s a simple game of squeezing more money once they know they have your attention.”

According to insight from Radware’s Emergency Response Team (ERT), many of the letters used to request the ransom are fake, yet companies are falling for the scam. Radware is warning SMEs to take caution when assessing the legitimacy of a threat, and to consider seeking expert advice to help decipher the threat level to their business.

How to detect a fake:

Fake hackers request different amounts of money. Armada Collective normally requests 20 bitcoin. Other campaigns have been asking for amounts above and below this amount. Low bitcoin ransom letters are most likely from fake groups hoping their price point is low enough for someone to pay rather than seek profession assistance.

Real hackers prove their competence by running a small attack while delivering a ransom note. If you can see a change in your network activity then it’s probably genuine

The fake hackers don’t link you to a website, or have official accounts, a good sign they are not organised

Real hackers tend to attack many companies in a single sector. Fake hackers target anyone and everyone