Ransomware, the Cloud, and DDoS

Ransoming the Cloud

On the ransomware resources page, I recommended:

Back up your data to an external device. And to cloud services as well, if you like. Bear in mind, though, that if your data is backed up somewhere that’s ‘always on’ while you’re using your computer, there’s a risk that ransomware (or other malicious software) might be able to encrypt, delete or corrupt your backed-up data too. For the same reason, don’t try to reinstall backed-up files from an off-line resource (at any rate, a write-enabled offline resource) until you’re sure the malware is no longer present and active on your system.

In Ransomware a Threat to Cloud Services, Too Brian Krebs notes an instance where, when one of Children in Film’s employees opened an attachment passed off as an invoice: within 30 minutes, over 4,000 files on a cloud server, mounted as a local drive, had been encrypted by Teslacrypt. Fortunately, according to Krebs, the cloud hosting company kept daily backups and the company was able to use BleepingComputer’s TeslaDecoder to decrypt the files without paying the extortionists, but the inconvenience was still significant.

DDoS  Statistics

For Tripwire, David Bisson summarizes some of the detail from a report from cloud provider Akamai on trends in DDoS (Distributed Denial of Service) attacks, often associated with attempted extortion.

Cloud Security Alliance Survey

The Register reports that a CSA poll found that:

  • Some respondents would pay very large sums to extortionists to avoid data dumps
  • That gambling sites continue to be targeted with threats of DDoS attacks, often coinciding with major sporting events
  • That “… even police and law enforcement agencies [are] recommending organisations hit by the most water-tight ransomware encryption attacks to pay up to get their decryption keys.”

The article also suggests a link between the Hidden Tear open source code and the not-very-successful Linux.Encoder.


And here are a couple of items about the DD4BC (DDoS for BitCoin) gang:

  • ESET reports on Operation Pleiades in which several countries cooperated with Europol against the threat.
  • A related story from the BBC.

All items added to the ransomware resources page.

David Harley


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.