DDoS Attack Featuring Embedded Ransom Note Identified
Table of Contents
- By David Lukic
- Published: Mar 11, 2022
- Last Updated: Mar 18, 2022
A days-long DDoS cyber-attack complete with an embedded ransom note has been halted. DDoS is an acronym that stands for distributed denial of service. Though the company targeted by the attack has not been identified, digital security experts mitigated the threat.
Who Launched the Attack?
Digital security specialists believe REvil is responsible for the cyber-attack. REvil hackers transmitted a ransom note just ahead of the attack. The unidentified website was attacked at a rate of 2.5 million requests per second.
Perhaps this attack is unique because the targeted business was not contacted with the request for the ransom payment after its computers and networks were locked. The hackers likely reached out to their target before the attack to make it clear that they wanted the ransom paid in bitcoin.
However, the attack was successfully defended, meaning the victim probably did not fork over the ransom payment. The digital defense team responsible for the attack mitigation notes Meris botnet played an essential role in the attack.
Who Discovered the Attack?
Cloudflare and QRator Labs initially discovered the botnet activity central to the threat. The botnet activity was found within massive DDoS attack waves. At its strongest point, the DDoS attacks monitored by the firms included a whopping 21 million requests every single second. The most significant attack lasted nearly an entire minute and measured 2.5 Mrps. In fact, one of the company’s sites suffered an attack that lasted an entire 10 minutes.
The attacks hit the target business in a sequential manner on a single day. However, the digital security specialists who thwarted the hack have not revealed the specific day that the attack began.
How Did the Hackers Design the Attack?
The hacking collective responsible for the threat temporarily bypassed mitigation attempts by switching between attack vectors and using ransom messages. The group continued to hike its payment requests in an attempt to shock the victim. The attack emanated from a whopping 35,000 sources, complete with several million requests from individual IP addresses.
The hack stretched on for several days. Some of the attacks lasted for multiple hours. The hack included attacks that peaked at 750,000 requests in a single second. All in all, the digital defenders responsible for halting the attack state they mitigated more than 12 million of the embedded requests that zeroed in on multiple URLs within the same target’s overarching website. The second day of attacks included 15 million such requests.
How Much Money Did the Hackers Request?
At the time of this publication, the amount of the ransom has not been revealed. Furthermore, the target company has not stated whether it paid all or part of the ransom. It is particularly interesting to note that the company in question is publicly traded. Reports indicate the ransomware hackers responsible for the attack issued a warning message to the CEO of the company stating its stock would be “destroyed” if the ransom request was not met.
Where Did the Attack Emanate From?
Though digital forensics specialists are not completely certain where the attack stemmed from, the source locations were based in Indonesia and the United States.
Stay tuned. More information about this unique ransomware attack will be revealed in the days ahead.