DDoS Extortion - Prepare Yourself

DDoS Extortion – Prepare Yourself

By: Darin Barton CISSP, CISA

2016 has seen an increase in DDoS extortions for two simple reasons – it’s low risk and companies are willing to pay. The question is, what would you do?

In March 2016 a group calling themselves the Armada Collective began sending emails to a variety of businesses providing on-line services. These email indicated that they would soon be facing a DDoS (Distributed Denial of Service) attack in the 1TB range for an extended period of time unless they ponied up 20 Bitcoin (approximately $4,500.00 USD ).

It turns out this particular “group” was a mimic of the original Armada Collective, a credible group of cyber-criminals active since 2014. The original Armada Collective were suspected members of Bitcoin extortion group DD4BC (Distributed Denial for Bitcoin) who were arrested in January of 2016. Their extortion emails were slightly different from the mimic-Collective in that they would consistently identify a specific time and date to conduct a sample DDoS attack to prove they were serious. The test attacks would consistently generate 5-10Gbps of traffic and companies would often pay.

Here is a copy of a recent extortion email from the mimic Armada Collective:

These extortion attempts generate a great deal of concern and angst within companies receiving them. Having never faced these threats before, with a little bit a research, they can quickly ascertain that the threat might be credible. When your company (and customers) depend on the Internet and you’re faced with a 1Tbps DDoS attack, paying the extortionists demands requires some consideration.

A few things to consider

Payment does not mean you wont be attacked or ransomed again.
While some mimic groups can execute a DDoS attacks, most of them do not follow through.
1Tbps DDoS-While Possible is Not Probable: According to Arbor Networks, specialist in DDoS mitigation, the majority of DDoS attacks never exceed 35Gbps which can be mitigated in several ways.

The final thought

If you receive one of these extortion email – DO NOT PAY! In most likelihood, you will not be attacked and paying does not guarantee that you won’t be ransomed again. More importantly, if everyone would stop paying ransoms then this type of cyber-criminal activity would cease to exist.

Notify the RCMP and/or FBI and take immediate mitigation steps to ensure you are protected.

Determine if the cost of mitigation is worth it – paying more for mitigation than will be lost in business or brand equity is worth knowing. And, sometimes paying a ransom doesn’t benefit your brand equity as identified in this article by GovTech.

There are plenty of DDoS mitigation techniques available and a wide variety of solution partners and manufactures to choose from. My recommendation: check out Imperva/Incapsula and Arbor Networks for DDoS protection for your web sites, network and infrastructure.

Having a hardware DDoS appliance at your networks point-of-presence or a WAF appliance capable of DDoS protection is always a good idea but leveraging the cloud for web site and infrastructure DDoS protection is your best bet for immediate coverage and more important for sustained attacks over 40Gbps. In addition, your upstream ISP may have solid DDoS protections in place. Work with them on monitoring and detection and next step mitigation.

:Darin Barton CISSP, CISA is a senior security professional in Toronto Canada, with 20+ years experience in cybersecurity and investigations and currently employed with Access 2 Networks Inc. (A2N).

Testimonials

"Outstanding support... Unmatched technical expertise. Unbiased opinion. The level of service from A2N post-sales is unparalleled in the industry."

Jamil El Ghazal, Manager, Multiview Corporation

"Thank you for always going above and beyond. Your managed cybersecurity services are exceptional and you constantly demonstrate your dedication to customer service."

Brad Waller, IT Manager, Commonwell Mutual Insurance

“Special thanks to you and your team for the quick turnaround. This is why I keep coming back!”

Byron Bricker, IT Manager, Konrad Group

“…we were really impressed with their service and capability. Most importantly, they share their knowledge. I would recommend them to anyone.”

Guy Parisien, Network Administrator, Canada Council for the Arts

“A2N is one of those companies that just knows how to do things right. They were the best partner choice I ever made. Highly recommended!”

Steven Waters, VP IT, Cannex Financial Exchange

“The team at A2N have helped us out time after time from consulting to fixing. They can always be counted on for their support and they deliver amazing results. These guys, simply, are incredible! “

Chris Stapells, IT Manager, RPM Technologies

"As a major health care provider, we needed a key partner in helping us identify and design a comprehensive solution. Our continued working relationship and aftersales support has been exemplary. I would highly recommended A2N"

Christopher Broadbent, IT Department, Ungava Tulattavik Health Center

A2N – IT Matters-Secure IT

BLOG