In denial: The risk of ignoring website ransom demands

One of the most rapidly growing, high impact and financially disruptive types of online attack is the Distributed Denial of Service (DDoS) attack, when a website or online service is overwhelmed with huge levels of traffic from multiple sources, often forcing it offline.

Being offline for any period of time can create massive financial headaches, but the added dimension is that criminals are increasingly using the technique to demand money from their intended targets. The very literal threat is that they have a way to take your website down and keep it offline unless you pay a ransom.

But what does a DDoS ransom demand look like, how can you work out if your site is at genuine risk, and how can you protect your online presence? Organised criminal groups will generally carry out a test attack on the target website or service, sending increased levels of traffic to it to assess whether it is vulnerable. If the site can be taken down with a small attack (1-2Gb of Bandwdith, for example), a demand for money will usually follow, or additional large scale attacks (anywhere between 10-100 Gb) may occur if the service provider hosting the site has more robust security technology in place.

Either way, they will often keep trying, and once the attackers know they have the ability to take down a site, the ransom demands will begin to appear. They will usually make a demand for money via email, and an immediate part of the problem is that these emails can look like spam, and because they appear badly written it can be tempting to ignore them.

These demands will give a deadline for payment to be made and a payment method; recent examples from active DDoS groups have demanded an online payments in the region of 25 bitcoins (equivalent to around £8,000). Failure to meet a deadline can result in attacks re-occurring in severity and duration, with an accompanying increase in the ransom which has to be paid in order to stop them.

The bottom line is, websites are being taken down for prolonged periods, forcing the owners to consider whether it’s actually cheaper to pay the ransom demand than to suffer the loss of business that comes with an offline website. But there are a range of preventative measures every business can take to protect its website and online services

Focus on prevention rather than cure

As is the case with many situations involving digital security, prevention is much more effective than having to find a cure. Preventative measures are the responsibility of the service provider who hosts the website and, in most cases, also manages its security.

Every service provider out there is very well aware of the potential for DDoS attacks to occur, and the disruption and financial damage they can create, but there is a great deal of variation in their ability to prevent them from succeeding.

Don’t ignore the threats

If you receive what appears to be a ransom email, don’t ignore it – contact your service provider right away to make sure they can monitor any increase in traffic to your site and mitigate serious attacks. But the time they have to take in order to work round and fix the problem equals lost business.

Paying up doesn’t make the problem go away

For some organisations, their website and online services are so fundamental to their day-to-day operations that it may be tempting to pay. The problem is that paying one group doesn’t do anything to deter others, and is no guarantee that further demands for ransom payments won’t appear in the future.

Find Service Providers who are Security Experts

Working with a service provider with the experience and capabilities to identify and mitigate this kind of attack is vital. Business owners need to assess their levels of risk by checking with their service providers to understand how robust their approach to DDoS prevention is, and what levels of security and service they guarantee in their customer agreements.

As with many digital security threats, it’s tempting to view the risk as remote and unlikely – but from a business perspective, this needs to be balanced against the potential impact if a DDoS attack occurs.

Prevention is a very practical objective, requiring that the service provider has the right technical skills, and the site owner is asking them the right questions to ensure their online presence remains uninterrupted.

Jake Madders, Director of managed cloud hosting company Hyve

Photo credit: Tashatuvango/Shutterstock