Ransom-Fuelled DDoS Attacks ‘Surged’ In 2020

Organisations have seen a massive rise in denial-of-service attacks over the past year, with more attackers now demanding ransoms, security researchers have found.

Security firm Neustar, which offers DDoS prevention services, said such attacks rose by 154 percent, or more than two and a half times, in 2020 compared with 2019.

The company said incidents in which the attacker demanded a ransom to prevent disruption also grew in frequency.

Moreover, ransom-related DDoS incidents extended into more areas, targeting finance, government, energy and other sectors.


DDoS attacks involve the use of a distribute network of bots – usually computers that have been infected with malware without the knowledge of their users – to send junk traffic that overloads an organisation’s systems, making them inaccessible.

Such attacks have become more critical over the past year, due to a massive increase in staff working remotely during the pandemic.

Criminals are taking advantage of this fact by demanding ransoms from a broader array of organisations.

Ransom-related attacks are typically preceded by an extortion email promising a small attack the following day, followed by an attack utilising up t 2TB per second of junk traffic if the ransom is not paid.


Attackers often signed the letter with the name of well-known, state-backed attack groups, including Fancy Bear, the Lazarus Group and the Armada Collective.

“While it is unknown how many of these threats were actually perpetuated by these organisations, it is likely that the fear of nation-state attack groups such as these were intended to amplify the fear that the letters themselves generated,” Neustar said in an advisory.

The company said DDoS incidents broke records for size and duration in 2020, with Neustar fending off an attack that used 1.17 Tbps of data, making it one of the internet’s biggest to date.

Google last October disclosed a 2.5 Tbps DDoS attack that is currently the internet’s largest-known incident of its kind.

The company also defended a client against an attack that lasted nearly six days.

DNS attacks

It said the number of DDoS attacks throughout the year was “unprecedented”.

Neustar also found that attacks targeting the Domain Name System (DNS) were increasingly frequent in 2020 as another way of disrupting organisations’ network access.

The company echoed the advice of law enforcement in urging organisations not to pay ransoms, and instead to report the incident to authorities.

“Beyond this, organisations can prepare by setting up a robust DDoS mitigation strategy, including assessing the risks, evaluating available solutions, considering mitigation strategies, and keeping their plan and provider up to date,” said Neustar vice president of security product management Michael Kaczmarek.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

2 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

2 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago