Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS

Published : 22/11/2024   Category : security




Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.



As if ransomware weren't bad enough, attackers are now making the most of their attacks by adding victimized machines to distributed denial of service (DDoS) botnets at the same time that they're encrypted and held hostage, according to warnings from several security research organizations in the last week.
This one-two punch is a natural gimme for profit-minded attackers and one which security pundits expect will be standard issue for most ransomware kits in the near future.

“Adding DDoS capabilities to ransomware is one of those evil genius ideas,” says Stu Sjouwerman, CEO of KnowBe4, which today issued an alert that a new variant of Cerber ransomware has added DDoS capabilities to its payloads. “Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. You can expect [bundling] it to become a fast-growing trend.”
The new trend was first detailed by researchers with Invincea last week, which found attackers using weaponized Office documents to deliver the threat via a Visual Basic exploit that allows them to conduct a file-less attack. That delivers malware with the underlying binary, giving the bad guys two attacks for the price of one, says Ikenna Dike of Invincea.
“First, it is a typical ransomware binary that encrypts the user’s file system and files while displaying a ransom note. Second, the binary could also be used to carry out a DDoS attack,” Dike said in a post. “The observed network traffic looks to be flooding the subnet with UDP packets over port 6892. By spoofing the source address, the host could direct all response traffic from the subnet to a targeted host, causing the host to be unresponsive.”
Seen by many as a perfect example of the mercenary nature of cybercrime, ransomware's evolution has been driven entirely by black market ROI. According to the FBI, by the end of the year the ransomware market is expected to net the crooks at least $1 billion.
“Relatively high profit margins coupled with the relatively low overhead required to operate a ransomware campaign have bolstered the appeal of this particular attack type, fueling market demand for tools and services corresponding to its propagation,” explained FireEye researchers in an update last week on ransomware activity.
FireEye's data shows that there was a noticeable spike in ransomware in March this year and that overall figures are on track for ransomware to exceed 2015 levels. This latest trend of DDoS bundling once again shows the lengths to which criminals will go to squeeze every last bit of profitability and efficiency from ransomware attacks. It also offers fair warning to enterprises that even with backups, ransomware can pose threats to their endpoints and networks at large.
Even if data is restored on systems plagued by ransomware, there's no guarantee that a system won't remain part of the botnet or be used as a foothold for further attacks if the threat isn't properly contained.
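A check for the traffic pattern Dike describes (one machine sending UDP to port 6892 across many addresses in its own subnet), written as an added example and not taken from Invincea, KnowBe4 or FireEye. The record layout, subnet, thresholds and sample data are assumptions constructed for illustration; senders are keyed by MAC address because the source IP may be spoofed.

```python
import ipaddress
from collections import defaultdict

UDP_PORT = 6892  # port named in the Invincea observation quoted above

# Constructed sample records (assumed layout):
# (time_s, src_mac, claimed_src_ip, dst_ip, proto, dst_port)
SAMPLE_FLOWS = [
    (t, "02:00:00:00:00:17", "10.1.4.200", f"10.1.4.{t + 1}", "udp", 6892)
    for t in range(60)
] + [
    (5, "02:00:00:00:00:28", "10.1.4.40", "10.1.4.1", "udp", 53),     # DNS, ignored
    (6, "02:00:00:00:00:29", "10.1.4.41", "10.1.4.9", "udp", 6892),   # single target
    (7, "02:00:00:00:00:2a", "10.1.4.42", "192.0.2.8", "udp", 6892),  # outside subnet
]


def find_subnet_flooders(flows, subnet="10.1.4.0/24", min_targets=20, window_s=60):
    """Map sender MAC -> (peak distinct in-subnet targets, claimed source IPs).

    A sender is flagged when it reaches min_targets distinct destinations
    inside `subnet` on UDP/6892 within any window_s-second sliding window.
    """
    net = ipaddress.ip_network(subnet)
    per_mac = defaultdict(list)
    for ts, mac, src_ip, dst_ip, proto, dport in flows:
        if (proto.lower() == "udp" and dport == UDP_PORT
                and ipaddress.ip_address(dst_ip) in net):
            per_mac[mac].append((ts, dst_ip, src_ip))

    flagged = {}
    for mac, events in per_mac.items():
        events.sort()
        in_window = defaultdict(int)  # dst_ip -> packets inside the window
        start = peak = 0
        for ts, dst_ip, _ in events:
            in_window[dst_ip] += 1
            # Slide the window: drop events older than window_s seconds.
            while ts - events[start][0] >= window_s:
                old = events[start][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            flagged[mac] = (peak, sorted({e[2] for e in events}))
    return flagged
```

A flagged MAC that reports a source IP it was never assigned is worth isolating before any restore from backup, since restoring files alone does not remove the host from the botnet.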