Ransomware actors target VoIP service with another wave of DDoS attacks

DDoS attack
(Image credit: FrameStockFootages / Shutterstock)
Audio player loading…

A series of sustained Distributed Denial of Service (DDoS (opens in new tab)) reportedly knocked UK Voice over Internet Protocol (VoIP (opens in new tab)) provider VoIP Unlimited offline, weeks after it was targeted in a REvil-orchestrated ransomware (opens in new tab) campaign.

According to The Register, last week’s downtime was the result of "an alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand" which VoIP Unlimited has pinned to the REvil ransomware gang (opens in new tab).

The attack is also blamed for disrupting the operations (opens in new tab) of other UK VoIP providers at the same time as well. 

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

As of 11 December however, VoIP Unlimited has restored a majority of its services, while a couple continue to report (opens in new tab) “Degraded Performance.”

From ransomware to DDoS

The Register notes that while REvil is notorious for its ransomware operations, it seems to have joined the list of ransomware operatives who have begun switching to conducting extortion-based DDoS campaigns.

In fact, it appears before attacking VoIP Unlimited, the gang honed their skills by going after a Canadian firm (opens in new tab) in mid-September, and demanding one bitcoin (around $45,000 at the time) to cease the attacks.

Commenting on the change in tactics of ransomware operators, cybersecurity (opens in new tab) analysts at TrendMicro (opens in new tab) observed that multilevel extortion schemes were beginning to emerge as the latest trend in the ransomware underworld.

“Triple extortion follows a straightforward formula: adding DDoS attacks to the aforementioned encryption and data exposure threats. These attacks could overwhelm a server or a network with traffic, which in turn could halt and further disrupt operations,” observed TrendMicro (opens in new tab).

The new modus operandi was first performed by SunCrypt and RagnarLocker operators in the latter half of 2020, adding that the REvil operators were also looking to adopt this new ransomware strategy.

The emergence of ransomware DDoS (RDDoS) attacks was also recently highlighted (opens in new tab) in a report by US telecoms company Lumen Technologies, as it urged businesses to prepare for this incoming onslaught.

Via The Register (opens in new tab)

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.