Ransomware actors target VoIP service with another wave of DDoS attacks

DDoS attack
(Image credit: FrameStockFootages / Shutterstock)

A series of sustained Distributed Denial of Service (DDoS) reportedly knocked UK Voice over Internet Protocol (VoIP) provider VoIP Unlimited offline, weeks after it was targeted in a REvil-orchestrated ransomware campaign.

According to The Register, last week’s downtime was the result of "an alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand" which VoIP Unlimited has pinned to the REvil ransomware gang.

The attack is also blamed for disrupting the operations of other UK VoIP providers at the same time as well. 

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

As of 11 December however, VoIP Unlimited has restored a majority of its services, while a couple continue to report “Degraded Performance.”

From ransomware to DDoS

The Register notes that while REvil is notorious for its ransomware operations, it seems to have joined the list of ransomware operatives who have begun switching to conducting extortion-based DDoS campaigns.

In fact, it appears before attacking VoIP Unlimited, the gang honed their skills by going after a Canadian firm in mid-September, and demanding one bitcoin (around $45,000 at the time) to cease the attacks.

Commenting on the change in tactics of ransomware operators, cybersecurity analysts at TrendMicro observed that multilevel extortion schemes were beginning to emerge as the latest trend in the ransomware underworld.

“Triple extortion follows a straightforward formula: adding DDoS attacks to the aforementioned encryption and data exposure threats. These attacks could overwhelm a server or a network with traffic, which in turn could halt and further disrupt operations,” observed TrendMicro.

The new modus operandi was first performed by SunCrypt and RagnarLocker operators in the latter half of 2020, adding that the REvil operators were also looking to adopt this new ransomware strategy.

The emergence of ransomware DDoS (RDDoS) attacks was also recently highlighted in a report by US telecoms company Lumen Technologies, as it urged businesses to prepare for this incoming onslaught.

Via The Register

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.