DDoS attacks with ransom demand
Over the past week, at least seven email providers in the US have been hit hard by DDoS attacks and extorted with ransom demands in Bitcoin. Apparently, everyone was attacked in the name of the group “Cursed Patriarch”, some with bandwidths of up to 256Gbps.
Myra-Spokesperson Tobias Lang
Myra Security has fended off similar attacks for a German e-mail provider in recent days. Here, too, the sender has posed as a Cursed Patriarch. Only this summer, a wave of attacks in the name of “Fancy Lazarus” passed through Germany, such waves are observed more and more often. “Further attacks by Cursed Patriarch are possible,” warns Myra-Spokesperson Tobias Lang.
Attacks of this kind are on the rise. The Situation Report 2021 of the Federal Office for Information Security (BSI) warns of an increasing specialization of DDoS extortion, which has developed into a lucrative source of income for criminals. The Myra Security Operations Center (SOC) recorded a 300% increase in DDoS attacks in 2020 alone – with a particular focus on critical infrastructures. “These attacks are now commonplace – preventive protection is therefore essential,” said Lang.
What to do in case of an attack:
- Refuse to contact and pay – whoever pays becomes a lucrative target. Further attacks with more complex attack methods and higher ransom demands can be the result.
- Companies should check their infrastructure for possible vulnerabilities – Are sensitive business processes on all relevant network layers specifically protected against overload attacks?
- Implement suitable protective measures with professional help – Even in acute attack scenarios, DDoS attacks can be mitigated in the shortest possible time using an emergency setup.
- Companies should report attacks and extortion attempts to the police – there is also a reporting obligation for KRITIS operators to the BSI.
Overall, it is crucial that companies are aware of the tense threat situation and secure their digital business processes to the maximum. Specialized providers of security solutions, for example from the field of security-as-a-service, are becoming increasingly important in this context. Ideally, the solution used analyzes the web traffic in real time and filters harmful data streams fully automatically. Thanks to the cloud-based structure, such technologies can be implemented easily and quickly, additional hardware or software is not required in the best case.
As a German technology manufacturer, Myra Security offers a secure, certified security-as-a-service platform for the protection of digital business processes. The smart Myra technology monitors, analyzes and filters harmful Internet traffic even before virtual attacks cause real damage. The German Government, the European Central Bank and the Sparkassen-Finanzportal are among the institutions and large companies where Myra successfully fends off attacks in real time. The BSI (Federal Office for Information Security) confirms Myra’s outstanding qualification as a security service provider for critical infrastructures (KRITIS). As the only provider in the world, Myra fully meets all BSI performance features. “We define the standard for global IT security” is the vision of the two founders. Sascha Schumann drives technical innovation as a “master coder”, while Paul Kaffsack focuses on entrepreneurial goals.