Ransoms - The Growing Business Model Of The Internet
08 Jun 2021
Holding data to ransom has become a common business model on the internet. You will no doubt have heard of ransomware and the damage it can cause. A newer ransom attack, the ransom-DDoS, is on the rise: a business receives an email threatening that its website will be taken down with a denial-of-service attack unless a ransom is paid. And there is almost nothing you can do about it. This kind of attack is incredibly easy to carry out given the availability and scale of the bot farms out there at the moment.
Fortunately, if you are using Cloudflare to manage your DNS then your website is already protected against ransom-DDoS and other DDoS attacks. Take a look at this email I received today from Cloudflare about ransom-DDoS attacks. As Cloudflare says, "your Cloudflare-protected Internet property is already safeguarded against these threats."
Dear Cloudflare customer:
We are reaching out because of the recent resurgence in ransom-driven DDoS threats that are targeting organizations of all sizes.
This email is to notify you that your Cloudflare-protected Internet property is already safeguarded against these threats. Please know that if your organization is ever threatened with a ransom DDoS attack, we stand ready to help.
What is a ransom-DDoS attack?
A ransom DDoS (RDDoS) attack is when a malicious party attempts to extort money from an individual or organization by threatening them with a distributed denial-of-service (DDoS) attack.
Most ransom DDoS attacks start with a ransom note sent to the target in which the attacker threatens the business or organization. In some cases, an attacker may carry out a small demonstration attack to illustrate their seriousness before sending a ransom note.
What to do if you receive a threat?
- Do not panic and do not pay the ransom: Paying the ransom only encourages bad actors and there's no guarantee that they won't attack your network now or later.
- Notify local law enforcement: They will also likely request a copy of the ransom letter that you received.
- Enable Under Attack Mode during an active DDoS attack: All Internet properties proxied by Cloudflare are already protected against DDoS attacks of any size and kind. The Under Attack Mode performs additional security checks to help mitigate Layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. Learn how to enable the Under Attack Mode here.
- Enable DDoS protection for network infrastructure: If your organization's network infrastructure (Layer 3/4) is exposed to the Internet, consider adopting Cloudflare Magic Transit to extend the Cloudflare protection you get for your web assets to your entire IP infrastructure.
- Enable DDoS alerts: If you are on a Cloudflare paid plan, you can be notified immediately in the case of an attack on your Cloudflare protected Internet-property. Click here to enable DDoS alerts from your dashboard.
- Review our support docs: Learn best practices to secure your Cloudflare-enabled site and review how to respond to ransom notes threatening a DDoS attack here.
It is no secret that I am a Cloudflare fanboy. In my professional opinion, anybody who runs a website without using Cloudflare as their DNS these days is crazy. Cloudflare keeps your website safe, fast and online. Never let somebody move your DNS to a place like GoDaddy or you will lose this kind of protection, and you may end up being extorted for money (!!). If somebody does suggest moving your DNS to a service that is not Cloudflare then you can assume they are not a website expert (even I.T. or email experts are not always web experts) and you should talk to somebody like me who is.
If you have any questions about a ransom-DDoS threat or about Cloudflare then please ask me. I am always here to help.
Gerard McDermott
GMAC Internet Solutions