
DDoS extortionists are currently attacking companies in the German-speaking region of Europe under the name “Cursed Patriarch.” At present, it cannot yet be conclusively determined whether this is the beginning of a new wave of RDoS attacks. It was only this past summer that cybercriminals launched a global attack campaign under the pseudonym “Fancy Lazarus,” targeting a large number of companies.

In its latest situation report, the German Federal Office for Information Security (BSI) warns of increasing specialization among attackers. DDoS extortion has become a lucrative source of income for organized crime. Companies without dedicated protection are at the mercy of the attackers.

Learn how to properly respond to DDoS extortion and how we can protect you proactively or in the event of an acute attack.

Emergency: I received a DDoS ransom note. What should I do?

  • Do not pay and do not contact the extortionists – If you accept the deal with the criminals, you make yourself vulnerable and expose yourself as a lucrative target. This may result in further attacks with more complex attack methods and demands for higher ransoms. In addition, these payments serve to support the extortionists’ business model.
  • Check your infrastructure for possible vulnerabilities – Are sensitive business processes protected from being overloaded on all the relevant network layers?
  • Implement suitable protective measures with professional assistance – Even in acute attack scenarios, DDoS attacks can be mitigated in a very short time via an emergency shutdown.
  • Report attacks and extortion attempts to the police – Operators of critical infrastructure are also required to file a report with the German Federal Office for Information Security (BSI).

RDoS attacks: a known modus operandi

The modus operandi of DDoS extortionists is by no means new. In the past few years, several large-scale RDoS (Ransom Denial of Service) campaigns have been conducted by cybercriminals. The approach is always the same: Companies receive a blackmail note demanding payment of a ransom in Bitcoin. In the same time frame, an initial DDoS attack is carried out to lend more weight to the demands. If the company fails to make payment on time, another attack is launched. To make their demands for ransom more forceful, the extortion gangs often pose as well-known hacker groups such as Fancy Bear (APT28), Armada Collective, or Lazarus Group. The extent to which there are any actual links between the attackers and these internationally operating groups is unknown. The most recent attacks mitigated by Myra Security were carried out under the alias “Cursed Patriarch.”

These attacks usually employ several attack vectors simultaneously, aimed at the Network and Transport Layers (Layers 3 & 4) or the Application Layer (Layer 7), depending on the target. TCP SYN floods and UDP-based reflection attacks are among the most frequent attacks on Layers 3 & 4. Other typical variants are ICMP flooding; UDP fragmentation; UDP amplification via DNS, NTP, rpcbind, or SSDP; ACK flooding; and RST flooding. On Layer 7, HTTP GET, POST, and other flood attacks as well as low-and-slow attacks are the most common vectors. Attacks on the application layer have become one of the most common forms of attack.
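To show how the Layer 3/4 vectors listed above look in flow data, here is an added example (not Myra's code, and not part of the original article) that classifies constructed NetFlow-style records into SYN flood, UDP amplification (DNS, NTP, rpcbind, SSDP), and ICMP flood buckets. The record format, thresholds, and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

# UDP source ports of services abused as reflectors (the ones named in the text);
# the port numbers are the well-known ones.
AMPLIFIERS = {53: "DNS", 123: "NTP", 111: "rpcbind", 1900: "SSDP"}

def classify_flows(flows, min_sources=5, min_packets=1000):
    """Bucket flow records per (vector, destination) and report the vectors whose
    distinct-source count and packet count both exceed the thresholds.
    Each flow is a dict with keys: src, dst, proto, sport, dport, flags, packets, bytes.
    Returns a sorted list of (vector, dst, distinct_sources, packets)."""
    buckets = defaultdict(lambda: [set(), 0])   # (vector, dst) -> [sources, packets]
    for f in flows:
        vector = None
        if f["proto"] == "tcp" and f.get("flags") == "S":
            # Flows that never progress past SYN: the handshake was not completed
            vector = "TCP SYN flood"
        elif (f["proto"] == "udp" and f.get("sport") in AMPLIFIERS
              and f["bytes"] / f["packets"] >= 512):
            # Large replies from a reflector's service port arriving at a host
            # that never sent the queries (its address was spoofed in the requests)
            vector = "UDP amplification via " + AMPLIFIERS[f["sport"]]
        elif f["proto"] == "icmp":
            vector = "ICMP flood"
        if vector:
            b = buckets[(vector, f["dst"])]
            b[0].add(f["src"])
            b[1] += f["packets"]
    return sorted((v, d, len(s), p) for (v, d), (s, p) in buckets.items()
                  if len(s) >= min_sources and p >= min_packets)

def sample_flows():
    """Constructed records using RFC 5737 documentation addresses, not real traffic."""
    victim = "203.0.113.10"
    flows = [  # ordinary traffic: a completed TCP session and a small DNS reply
        dict(src="192.0.2.7", dst=victim, proto="tcp", sport=51000, dport=443,
             flags="SPA", packets=40, bytes=30000),
        dict(src="192.0.2.53", dst=victim, proto="udp", sport=53, dport=40001,
             flags="", packets=1, bytes=90),
    ]
    # SYN flood: 8 spoofed sources, SYN-only flows, 200 packets each
    flows += [dict(src=f"198.51.100.{i}", dst=victim, proto="tcp", sport=1024 + i,
                   dport=443, flags="S", packets=200, bytes=12000) for i in range(8)]
    # NTP amplification: 6 reflectors sending ~1 KB replies from port 123
    flows += [dict(src=f"192.0.2.{100 + i}", dst=victim, proto="udp", sport=123,
                   dport=50000 + i, flags="", packets=300, bytes=300000) for i in range(6)]
    return flows

if __name__ == "__main__":
    for finding in classify_flows(sample_flows()):
        print(finding)
```

The ordinary flows fall below both thresholds and are not reported; only the SYN flood and the NTP amplification buckets appear in the output.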

Who do the hackers have in their sights?

Cybercriminals are increasingly targeting larger and financially stronger companies. Providers of essential services critical to public infrastructure are also increasingly coming into the crosshairs of attackers. A Myra customer was affected by the current RDoS campaign conducted under the name “Cursed Patriarch.” In close cooperation with the company’s responsible IT team, Myra was able to confidently fend off all waves of attacks.

Whether prevention or quick emergency assistance in case of attack: Myra Security is there for you!

Myra DDoS Website Protection fully automatically protects websites, DNS, email, and VoIP on Layers 3, 4, and 7. With full traffic visibility, Myra enables intelligent load balancing and site failover with high reliability and minimal response times.

Myra DDoS BGP Protection fully automatically protects against volumetric attacks on Layers 3 and 4. The protective solution is easy to implement and requires no additional hardware or software. Detailed traffic analyses (NetFlow and sFlow) are provided by automatic flow monitoring. The failover of affected networks in case of attack is also fully automated.

Myra offers an extensive portfolio with an equally competitive and flexible pricing model, ranging from on-demand operation to flat rates.
