
Cloudflare Notification about increase in ransom DDoS threats

By Vitus White
Published in Apps & Software
October 16, 2020
2 min read

We are reaching out because over the last several weeks, there has been an increase in ransom-driven DDoS attack threats. Entities claiming to be Fancy Bear / Cozy Bear / Lazarus are threatening to launch DDoS attacks against organizations’ websites and network infrastructure unless a ransom is paid before a given deadline. Prior to the ransom note, a small DDoS attack is usually launched as a form of demonstration. The demonstration attack is typically a UDP reflection attack using a variety of protocols, lasting roughly 30 minutes or less.

An excerpt of the ransom note is here:

We are the Fancy Bear and we have chosen as target for our next DDoS attack.

Your whole network will be subject to a DDoS attack starting at Monday (in 6 days). (This is not a hoax, and to prove it right now we will start a small attack on a few of your IPs that will last for 30 minutes.

The ransom note is typically sent to the common group email aliases of the company. In several cases, it has ended up in spam.
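Because the note can land in spam on a shared alias, one way to catch it is to sweep every folder of those mailboxes for the wording described above. The following is an added example, not code from Cloudflare or from the original post; the indicator phrases come from the notification and the excerpt, while the addresses, folder names, threshold and sample messages are constructed assumptions.

```python
import email
import re
from email import policy

# Indicator groups; the phrases come from the notification and the excerpt above.
INDICATORS = {
    "actor": re.compile(r"\b(fancy bear|cozy bear|lazarus)\b", re.I),
    "threat": re.compile(r"\bddos attack", re.I),
    "proof": re.compile(r"not a hoax|small attack|30 minutes", re.I),
    "deadline": re.compile(r"\b(starting (at|on)|in \d+ days?|deadline)\b", re.I),
}

def score_message(raw: bytes) -> dict:
    """Parse one RFC 5322 message and report which indicator groups match."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['subject'] or ''} {body.get_content() if body else ''}"
    text = " ".join(text.split())  # undo line wrapping before matching
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
    return {"to": str(msg["to"] or ""), "subject": str(msg["subject"] or ""), "hits": hits}

def triage(folders: dict, threshold: int = 3) -> list:
    """Return messages from every folder, spam included, that hit >= threshold groups."""
    flagged = []
    for folder, messages in folders.items():
        for raw in messages:
            result = score_message(raw)
            if len(result["hits"]) >= threshold:
                flagged.append({"folder": folder, **result})
    return flagged

def _mail(to, subject, body):  # builds the constructed sample messages below
    return f"From: sender@example.net\nTo: {to}\nSubject: {subject}\n\n{body}\n".encode()

# Constructed sample mailbox export: folder name -> raw messages.
SAMPLE = {
    "Inbox": [_mail("support@example.com", "Weekly security newsletter",
                    "This week: how a UDP reflection DDoS attack works.")],
    "Spam": [_mail("noc@example.com", "DDoS attack on your network",
                   "We are the Fancy Bear and we have chosen Example Corp as target "
                   "for our next DDoS attack.\nYour whole network will be subject to "
                   "a DDoS attack starting at Monday (in 6 days).\nThis is not a "
                   "hoax, and we will start a small attack that will last for 30 minutes.")],
}

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item["folder"], item["to"], item["hits"])
```

Requiring several indicator groups at once keeps ordinary mail that merely mentions a DDoS attack out of the results.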

You can view a sample of the whole ransom note. You can also view the [FBI report here](https://info.cloudflare.com/rs/713-XSC-918/images/FBI_Flash.pdf).

What to do if you receive a threat:
1. Do not panic and do not pay the ransom: Paying ransom only encourages bad actors—and there’s no guarantee that they won’t attack your network now or later.

2. Notify local law enforcement: They will also likely request a copy of the ransom letter that you received.

How to prepare now for this threat:
1. Ensure your network infrastructure is protected: These attacks are targeting both web properties as well as network infrastructure. We have successfully mitigated these attacks for our customers through our core DDoS solution and [Magic Transit](https://www.cloudflare.com/magic-transit/) (for IP infrastructure). If we can be helpful to you and your organization, we stand ready to help.

2. Enable DDoS alerts: If you are on a Cloudflare paid plan, you can be notified immediately in the case of an attack on your Cloudflare protected Internet-property. Click here to enable DDoS alerts from your dashboard.

3. Review our support docs: Learn best practices to secure your Cloudflare-enabled site and review how to respond to ransom notes threatening a DDoS attack [here](https://support.cloudflare.com/hc/en-us/articles/200170196-Responding-to-DDoS-attacks).

