| I have been hearing about an increase in DDoS based ransomware. This is when an attacker threatens to take out your network unless you pay a ransom before a deadline. Cloudflare just sent me a note about it, which I thought it was good and would share it. Here is that note. I agree regarding DO NOT PAY. I have posted about many similar ransom based threats that turn out to be all bark but no bite. For example, this scam regarding having recordings of you I posted about HERE. Here is the email I received from cloudflare. Dear Cloudflare Customer: We are reaching out because over the last several weeks, there has been an increase in ransom-driven DDoS attack threats. Entities claiming to be Fancy Bear / Cozy Bear / Lazarus are threatening to launch DDoS attacks against organizations’ websites and network infrastructure unless a ransom is paid before a given deadline. Prior to the ransom note, a small DDoS attack is usually launched as a form of demonstration. The demonstration attack is typically a UDP reflection attack using a variety of protocols, lasting roughly 30 minutes in duration (or less). An excerpt of the ransom note is here: |
| “We are the Fancy Bear and we have chosen <company name> as target for our next DDoS attack. Your whole network will be subject to a DDoS attack starting at Monday (in 6 days). (This is not a hoax, and to prove it right now we will start a small attack on a few of your IPs that will last for 30 minutes.” |
| The ransom note is typically sent to the common group email aliases of the company—i.e. noc@, support@, help@, legal@, abuse@, etc. In several cases, it has ended up in spam. You can view a sample of the whole ransom note here. You can also view the FBI report here. What to do if you receive a threat: Do not panic and do not pay the ransom: Paying ransom only encourages bad actors—and there’s no guarantee that they won’t attack your network now or later. Notify local law enforcement: They will also likely request a copy of the ransom letter that you received. |