The FBI has announced a new security threat organizations should be aware of: RDDoS (or RDoS) — Ransom Denial of Service.
How it works & targeted industries
- Attackers will send a notice to your company that they’ll DDoS your organization in ~a week unless you pay a ransom in Bitcoin (usually between $110,000 — $230,000).
- Various industries have been targeted
Ways to mitigate*
- Have adequate DDoS protections in place.
- It’s important to note that not every organization that received a threat got DDoS’d.
What to do if you do get RDDoS’d*
- Don’t pay the ransom
- Initiate your security incident response and BC/DR plans, which may include contacting law enforcement
To learn more, read the article this information came from: https://www.bleepingcomputer.com/news/security/fbi-thousands-of-orgs-targeted-by-rdos-extortion-campaign/
*This is not legal advice. Organizations and individuals should consult with appropriate experts before determining how to mitigate and respond to the risks associated with (R)DDoS attacks. This short article is offered as a public service to help individuals and organizations (1) be aware of this new threat and (2) have enough of an understanding of this new threat so that they can start to learn more and/or initiate productive conversations at their organizations. This article is not to be considered authoritative, and those reading this article are advised that in cybersecurity/InfoSec, and while risks can be mitigated and reduced, risks can never be reduced to zero.