The security company Radware warns of a second wave of ransom DDoS (DDoS extortion) attacks by a group that was active in August 2020. In the last week of December 2020 and the first week of January 2021, Radware customers were targeted by this global DDoS extortion campaign for the second time.
These customers received new emails that began with the words: "You may have forgotten us, but we have not forgotten you. We've been busy working on more profitable projects, but now we're back."
The second wave targets only non-payers
Companies that received these emails had already received threats in August and September 2020. Analysis of the second wave of emails indicates that the same group that was active in summer 2020 is behind these messages. Radware is only aware of targeted organizations that neither responded to nor paid the ransom demand in summer 2020. The security experts are therefore very confident that the same actors who initiated the 2020 campaign are still active today.
In their second email, the extortionists expressly emphasize that they are not interested in vandalism, but solely in money. They now demand 5 bitcoins, after 10 were demanded in the first wave. Given the steep rise in bitcoin's exchange rate since then, this still corresponds to an increase of around 50 percent in fiat terms. Radware expects the rising price of bitcoin to continue to shape the threat landscape.
The message concludes, "Remember, we never give up. And we always come back until we get paid. Once we're paid, we're gone and you'll never hear from us again - forever."
The DDoS attack
A few hours after the message arrived, the contacted companies were hit by DDoS attacks that exceeded 200 Gbps and lasted more than nine hours without slowing down or pausing. The attack peaked at 237 Gbps, with a total duration of almost 10 hours. The attack vectors match those of the group's original attacks and consisted mainly of UDP fragments, UDP port 80 and DNS traffic.
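The combination of vectors and the sustained volume described above is what a network operator would look for in flow telemetry. The script below is an added example, not Radware's code or anything from the original page: it bins constructed flow records into the three vectors named in the article (UDP fragments, UDP port 80, DNS), computes bits per second per one-second bin, and reports the peak rate, the longest uninterrupted run above a threshold, and the vector mix at the peak. The record layout, the reading of "UDP port 80" as destination port 80, the fragment flag and the 100 Gbps threshold are all assumptions; the flow records are constructed to reproduce the figures in the text.

```python
"""Volumetric DDoS triage over flow records, grouped by the attack vectors
named in the article (UDP fragments, UDP port 80, DNS).

Added example; not Radware code. The record layout, the vector definitions
and the alert threshold are assumptions, and the flow records are constructed.
"""
from collections import defaultdict

# Constructed flow records: (second, ip_proto, dst_port, is_fragment, bytes).
# Non-first IP fragments carry no UDP header, so dst_port is None for them.
SAMPLE_FLOWS = [
    (0, "udp", None, True, 12_500_000_000),   # UDP fragments, 100 Gbps
    (0, "udp", 80, False, 7_500_000_000),     # UDP/80, 60 Gbps
    (0, "udp", 53, False, 5_000_000_000),     # DNS, 40 Gbps
    (0, "tcp", 443, False, 125_000_000),      # ordinary HTTPS, 1 Gbps
    (1, "udp", None, True, 12_500_000_000),
    (1, "udp", 80, False, 7_500_000_000),
    (1, "udp", 53, False, 5_000_000_000),
    (2, "udp", None, True, 15_000_000_000),   # peak second: 237 Gbps in total
    (2, "udp", 80, False, 8_000_000_000),
    (2, "udp", 53, False, 6_625_000_000),
    (3, "udp", None, True, 12_500_000_000),
    (3, "udp", 80, False, 7_500_000_000),
    (3, "udp", 53, False, 5_000_000_000),
    (4, "tcp", 443, False, 125_000_000),      # flood has stopped
]


def classify(ip_proto, dst_port, is_fragment):
    """Map one flow to a vector label. Fragments are checked first because a
    first fragment still carries a UDP header and must not be counted twice."""
    if ip_proto == "udp" and is_fragment:
        return "udp_fragment"
    if ip_proto == "udp" and dst_port == 80:
        return "udp_80"
    if ip_proto == "udp" and dst_port == 53:
        return "dns"
    return "other"


def bps_by_vector(flows):
    """Bits per one-second bin, broken down by vector label."""
    bins = defaultdict(lambda: defaultdict(int))
    for second, ip_proto, dst_port, is_fragment, nbytes in flows:
        bins[second][classify(ip_proto, dst_port, is_fragment)] += nbytes * 8
    return bins


def sustained_flood(flows, threshold_bps):
    """Return (peak_bps, longest run in seconds at or above threshold, peak_mix).

    A bin below the threshold, or a missing bin, breaks the run, so a pause in
    the flood counts as an interruption rather than as continuous attack time.
    """
    bins = bps_by_vector(flows)
    peak_bps, peak_mix = 0, {}
    run = longest = 0
    previous = None
    for second in sorted(bins):
        total = sum(bins[second].values())
        if total > peak_bps:
            peak_bps, peak_mix = total, dict(bins[second])
        if total < threshold_bps:
            run = 0
        elif previous is not None and second == previous + 1:
            run += 1
        else:
            run = 1
        longest = max(longest, run)
        previous = second
    return peak_bps, longest, peak_mix


if __name__ == "__main__":
    peak, seconds, mix = sustained_flood(SAMPLE_FLOWS, 100_000_000_000)
    print(f"peak {peak / 1e9:.0f} Gbps, {seconds} s above threshold")
    for vector, bits in sorted(mix.items(), key=lambda kv: -kv[1]):
        print(f"  {vector:13s} {bits / 1e9:6.0f} Gbps ({100 * bits / peak:.0f}%)")
```

With real telemetry the records would come from sFlow, NetFlow or IPFIX exporters and the bins would be minutes rather than seconds, but the logic is the same: classify by vector, aggregate, and alert on sustained rather than momentary volume, since a nine-hour flood and a ten-second burst call for different responses.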
"Ransomware DDoS used to be a seasonal thing," comments Pascal Geenens, Director Threat Intelligence at Radware, of the second wave. "Campaigns used to run annually for a few weeks before the actor gave up. It seems this is no longer the case. Since the summer of 2020, DDoS extortion has become an integral part of the threat landscape for companies in almost every industry. In addition, it appears that the attackers are returning to earlier targets. If an organization has already received an email, there is a high probability that it will also receive another email. The persistence, size and duration of the attack leads us to believe that this group has either successfully received payments or has significant financial resources to continue their attacks."
Victims should seek professional help
Radware recommends that all recipients of such ransom demands seek professional help to protect themselves against DDoS attacks. The company also strongly advises against paying. "There is no guarantee that the attacks will stop or that they will not come back more frequently after an initial payment," says Geenens. "Typically, this category of cyber criminals is out for financial gain. If they know someone has succumbed to the threat, they will come back in the future."
More on this at Radware.com
About Radware
Radware (NASDAQ: RDWR) is a global leader in application delivery and cybersecurity solutions for virtual, cloud and software-defined data centers. The company's award-winning portfolio secures the company-wide IT infrastructure and critical applications and ensures their availability. More than 12,500 enterprise and carrier customers worldwide benefit from Radware solutions to quickly adapt to market developments, maintain business continuity and maximize productivity at low cost.