To Pay or Not to Pay: It’s About the Provider

In the past few months, Radware’s threat research center has issued several alerts about a global ransom DDoS campaign targeting finance, travel and e-commerce (read the threat alert and the campaign update). With the proliferation of DDoS-for-Hire tools (read the alert), economics favor the attackers, who can easily launch massive DDoS attacks to extort organizations that generate their revenues online.

The ransom fee is typically set between 1 to 10 BTC, depending on the organization’s revenue scale (10 BTC is equivalent to $113K). How is the ransom calculated? It’s not a random value; it represents the investment in proper defense against DDoS attacks.

It’s About the Provider

The question–to pay or not to pay–goes back to another question: who is your DDoS mitigation provider? If you are paying up to $1,000 per month to protect against DDoS attacks, you are paying it to a provider who assumes that you are rarely attacked and mainly looks for an “insurance-level” protection. If you are paying $10,000 per month (assuming your internet traffic is above 1Gbps), then your provider assumes you are constantly targeted by attackers.

So, what is the difference between the $1K provider and the $10K provider, and how is it relevant to the ransom DDoS campaign?

[You may also like: Radware Threat Researchers Live: DDoS-For-Hire]

The $1K providers offer DDoS protection for companies that would rarely be attacked. Their infrastructure is designed for sporadic attack events, limited mitigation capacity and basic SOC. Why basic? Because when you handle infrequent attacks you cannot grow expertise on par with attack techniques and advancements.

The $10K providers offer DDoS protection for companies that are under constant attack, and their business is sensitive to service degradation or outages. Their infrastructure is designed for high volume attack mitigation and their SOC handles attacks on a daily basis – which makes them real experts in what they do.

[You may also like: How to Respond to a DDoS Ransom Note]

To Pay or Not to Pay?

Now the answer is quite simple: if you have partnered with an experienced DDoS mitigation provider, you are safe to ignore the ransom letters. Furthermore, paying the ransom demand will only incentivize the malicious actors to continue their campaign.

Download Radware’s “Hackers Almanac” to learn more.

Download Now

*** This is a Security Bloggers Network syndicated blog from Radware Blog authored by Ron Meyran. Read the original post at: