DDoS Extortion Attacks Are Increasing: Are You Ready?

Distributed Denial of Service (DDoS) extortion campaigns, also known as RDDoS (ransom DDoS) attacks or DDoS ransom attacks, have risen sharply over the last couple of months. This has even led the FBI to issue warnings to US-based companies.

These attacks arrive without warning. They are usually announced by a ransom note threatening a crippling, large-scale DDoS attack unless your company sends the perpetrators a large sum in cryptocurrency before a specified deadline.

What Should You Do If You Receive A DDoS Extortion Threat?

The first thing you should do is not pay. Paying marks you as a target that will pay again and invites future attacks, even if the attacker has promised to leave your organization alone once paid. The FBI recommends reporting the threat to your closest field office, since any information you can provide may help identify the attackers and hold them accountable.

The next step is to contact your DDoS mitigation provider and share every detail of the threat or attack you received. While some extortionists never follow through with the attack, you must be prepared to deal with one if and when it materializes, and your DDoS partner can help far more effectively when it has been forewarned.

If you don't yet have a concrete DDoS mitigation strategy in place, now is the time to develop one. If and when you are hit with RDDoS threats, you don't want to be scrambling to assemble defenses for your business. Below is our step-by-step guide to developing an effective strategy that will keep you standing through any threat or actual attack you receive.

Step One:

Assess Your Tolerance And Your Risks

The first step is to inventory all the online assets that could be at risk in a DDoS attack, wherever they live: in the cloud, in your data centre, with your service provider, and so on.

Review the list and consider whether every item needs protection for your company to keep functioning. An outage may be acceptable for some resources or assets; your marketing microsite, for example, can probably be down for a while. This tells you which protection solutions to pursue and how to configure them. When deciding which risks are acceptable, do not overlook the collateral damage to assets that share infrastructure with another potential target, especially your high-value targets.

Step Two:

Assess Any Available Solutions To Defend And Protect Your Assets

There are several options for protecting your assets against a DDoS attack. The right one for your company depends on which assets require protection, how much downtime your organization can tolerate, and the IT resources you have available.

DDoS protection through a cloud service provider or your ISP might be a viable option, especially when you do not have extensive assets. It is typically easy to implement when you already have a business relationship with one of these providers. Be aware, however, that such a provider is not a DDoS specialist and may not offer the expertise, customizability, and level of protection that a specialist does.

Dedicated DDoS mitigation services are the best option when your organization runs a much larger network, especially when your business spans several cloud providers or ISPs, or when it has very little tolerance for downtime. Cloud-based, carrier-agnostic providers protect your assets wherever they are hosted and bring the expertise required to meet complex operational requirements. At the same time, these are usually off-the-shelf solutions: although they are designed to offer robust protection in most scenarios, they cannot accommodate every type of network configuration.

"Fully-managed" cloud DDoS platforms may be a better option when your digital assets or infrastructure are more extensive and complex, when your in-house IT expertise and the resources required to manage mitigations and monitor traffic are limited, or when your existing expert team cannot keep up with all of your organization's requirements.

Managed services are more customizable, versatile, and flexible, and can protect even the most specialized and complex networks. They also include their own SOC, which monitors your assets and traffic 24/7 and reduces the load on your team without compromising your protection.

Step Three:

Consider Mitigation Requirements And Strategies

After identifying the right type of DDoS protection, the next step is to identify the specific capabilities that match your operational needs and network configuration. These will help you narrow your search to qualified providers.

DNS Swing Or BGP To Divert Traffic?

BGP (Border Gateway Protocol) diversion is the mitigation strategy best suited to protecting your entire network or data centre when you control a full IP subnet. For web-only resources and cloud-hosted assets, where you do not control the subnet, you need a provider that diverts attack traffic using DNS (Domain Name System) instead. DDoS specialists don't always offer both strategies.

On-Demand Or Always On Services

Always-on protection means that all of your traffic is permanently routed through your DDoS mitigation provider's platform. This gives a faster response when an attack occurs, along with the peace of mind that comes with 24/7 protection.

With on-demand protection, you either set a specific "traffic threshold" that automatically triggers mitigation or notify your provider when you are under attack. Because detection and diversion take time (a few minutes or more), your assets are exposed during that interval. On the brighter side, on-demand protection costs less.

*Note: Most providers allow a customized combination of on-demand and always-on protection on a per-prefix basis, so you can take advantage of the benefits of each approach.

Step Four:

Choose The Right DDoS Partner And Plan Appropriately For Your Protection

Once your needs are clearly defined, you have the objective criteria you need to compare DDoS mitigation providers and choose a partner that offers the protection you have identified as essential for your exact operational requirements.

When comparing providers against your requirements, don't overlook their core capabilities: the geographic reach and capacity of the provider's mitigation network, protection against volumetric, protocol-layer, and application-layer attacks, the availability of complementary solutions, and finally a robust and reliable service level agreement.

Once you have chosen a provider, share basic information about your assets and your "peacetime" traffic so they can design protections that reliably fit your network. Be prepared to provide the following:

  • The total volume of inbound traffic under normal circumstances
  • Predictable cyclic variations in traffic volume (daily, weekly, and monthly)
  • The scope of your IP address space
  • The protocols, applications, and ports in use on each of your subnets
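As an added example, not part of the original post or any provider's tooling, the following Python sketch shows how the peacetime figures listed above (normal inbound volume plus its daily cycle) can be turned into the kind of per-hour "traffic threshold" that the on-demand option in Step Three keys on. The traffic samples are constructed, and the 3x / four-sigma multipliers and the three-consecutive-sample rule are assumptions chosen for illustration, not anyone's defaults.

```python
from collections import defaultdict
from statistics import mean, pstdev


def constructed_peacetime(days=7):
    """Constructed sample: 7 days of hourly inbound Mbps with a diurnal cycle
    (quiet overnight, busy during the working day) and small deterministic jitter."""
    samples = []
    for day in range(days):
        for hour in range(24):
            base = 200 if hour < 8 or hour >= 20 else 800
            jitter = ((day * 7 + hour) % 5) * 10  # 0..40 Mbps
            samples.append((hour, base + jitter))
    return samples


def build_baseline(samples):
    """Group (hour_of_day, mbps) samples by hour and return {hour: (mean, stdev)}.
    Keying on hour-of-day captures the daily cycle the provider asks about."""
    by_hour = defaultdict(list)
    for hour, mbps in samples:
        by_hour[hour].append(mbps)
    return {h: (mean(v), pstdev(v)) for h, v in by_hour.items()}


def threshold_for(baseline, hour, multiple=3.0, sigmas=4.0):
    """Assumed threshold: the larger of 3x the hourly mean and mean + 4 stdev,
    so that normal jitter never trips it."""
    mu, sd = baseline[hour]
    return max(mu * multiple, mu + sigmas * sd)


def evaluate_stream(baseline, observations, consecutive=3, multiple=3.0, sigmas=4.0):
    """Walk time-ordered (hour, mbps) observations and return the index at which
    mitigation would be requested: the sample that completes `consecutive`
    exceedances in a row. A single short spike resets the streak and returns None."""
    streak = 0
    for i, (hour, mbps) in enumerate(observations):
        if mbps > threshold_for(baseline, hour, multiple, sigmas):
            streak += 1
            if streak >= consecutive:
                return i
        else:
            streak = 0
    return None


if __name__ == "__main__":
    bl = build_baseline(constructed_peacetime())
    # The same 900 Mbps is routine at 14:00 but anomalous at 03:00.
    print("14:00 threshold %.0f Mbps, 03:00 threshold %.0f Mbps"
          % (threshold_for(bl, 14), threshold_for(bl, 3)))
    print("midday 900 Mbps ->", evaluate_stream(bl, [(14, 900)] * 5))
    print("03:00 900 Mbps ->", evaluate_stream(bl, [(3, 900)] * 5))
```

The point of the per-hour baseline is that a flat threshold would either fire during every normal midday peak or miss an overnight attack several times the size of normal night traffic; the consecutive-sample rule trades a few minutes of delay (the exposure window the text describes) for fewer false diversions.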

Now is also a good time to write a "run book" for every critical asset, detailing the protection it requires and whether any downtime is allowable.

Step Five:

Make Sure Your Provider And Your Plan Are Up To Date

The most effective DDoS strategies are never set-it-and-forget-it solutions. Configurations and devices change constantly, and your DDoS mitigation plan needs to keep pace with those changes as they occur.

You should plan to hold a service review with your key IT team members and your provider at least every quarter, and test your current protection as part of each review. If your applications and network change more often, these tests and reviews need to happen more often too.

Keeping your DDoS partner informed of changes to your business needs, configurations, and assets helps them improve the protection they provide.
