Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.
In October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victims’ network or web site as an extra tool to force them to pay a ransom. At the time, the two operations using this new tactic were SunCrypt and RagnarLocker.
A distributed denial of service (DDoS) attack is when a threat actor floods a website or a network connection with more requests than it can handle, making the service inaccessible.
When a company suffers a ransomware attack, many victims restore from backups and do not bother contacting the attackers.
The Avaddon ransomware gang now uses DDoS attacks to take down a victim’s site or network until the victim contacts them and begins negotiating.
“Also, their site is currently under DDoS Attack, we will attack it until they contact us,” Avaddon stated on their ransomware data leak site.
For one of the victims that Avaddon is currently performing a DDoS attack, you can see that the website is no longer accessible.
Emsisoft threat analyst Brett Callow, who shared this development with BleepingComputer,
“It’s not at all surprising to see threat actors combining ransomware and DDoS attacks: DDoS is cheap, easy and in some cases may help convince some companies that speedy payment is the least painful option. The more pressure the criminals can put companies under, the better their chances of extracting payment,” Callow told BleepingComputer via email.
When Maze introduced a double-extortion strategy, other ransomware gangs quickly adopted the method. It is too soon to tell if threat actors will adopt DDoS attacks similarly.