Ransomware Adds DDoS Attacks To Annoy More People

An anonymous reader writes: Ransomware developers have found another method of monetizing their operations by adding a DDoS component to their malicious payloads. So instead of just encrypting your files and locking your screen, new ransomware versions seen this week also started adding a DDoS bot that quietly blasts spoofed network traffic at various IPs on the Internet.
Softpedia points out that "Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years."

Wont DDoS interfere with victims ability to pay?

[JoeyRox]

How will they be able to submit their online ransomware payment if their network is clogged from a DDoS?

Re:Execute the damn criminals

[gweihir]

The problem here is knowing who does it. When you know that, more sane measures (a year or two in prison and having to pay for the damage done in full) is entirely sufficient, no need to be a cave-man. Of course, as all resources are currently tied up in "The War on Terror", "The War on Drugs", and some other wars against mostly imaginary problems and problems that cannot be solved by a "War", DDoS attackers, being a real problem, have to take the back-seat and will likely not be identified anytime soon.

What, you thought law enforcement and all that spying was for the benefit of the people? Seriously?

Blame the incompetent ISPs

[quarkoid]

Spoofed DDOS attacks wouldn't be a problem if the users' ISPs implemented source address filtering.

Come to think of it, an awful lot of the Internet's problems would be resolved by ISPs implementing source address filtering.

Re:Blame the incompetent ISPs

[gweihir]

Indeed. And this has been known for more than a decade. But I expect nothing will happen until ISPs become liable for damage done if they do not implement source address filtering.

Re:Blame the incompetent ISPs

[Agripa]

Nothing will happen because they are busy installing metering so they can fine users for excessive data transfers. As a bonus, the ISP gets paid for the DDOS packets as well.

Re:Blame the incompetent ISPs

[gweihir]

AFAIK, they do not. ISPs pay for upstream data and less and less of that. For downstream, they only pay bandwidth, as they do not control that.

Re:Blame the incompetent ISPs

[Agripa]

What I mean is that the ISP's metering records outgoing and *incoming* packets whether solicited or not. So for every 50GB of UDP traffic someone sends you which you cannot block, you have to pay AT&T $10.

Re:these botnet operators

[gweihir]

It would be done because it would be so damn satisfying.

Sometimes, that's enough.

If you are an immoral cave-man then yes. If you actually qualify as a modern human being, then no. Or to put it otherwise: You are a problem.

Re: these botnet operators

[gweihir]

Well, I expect you are now on a list of "violent crazies".

Re: these botnet operators

[JustAnotherOldGuy]

No, those people should just be flogged. I'm thinking 20 hard lashes.

Agreed. And make it 40 if it's during rush hour.

Re:these botnet operators

[JustAnotherOldGuy]

If you are an immoral cave-man then yes. If you actually qualify as a modern human being, then no. Or to put it otherwise: You are a problem.

Lighten up. Let me guess, you're the kind of person that uses terms like "micro-aggression" and "cultural appropriation" and expects to be taken seriously.

Re:these botnet operators

[JustAnotherOldGuy]

need to be hunted down and killed, and quickly too, do it enough and soon the rest of them will quit because it is not worth it anymore

I'd like to get a Kickstarter campaign going for this. Call it the "Botnet Operator Death Squad". I'd donate.

Re:these botnet operators

[JustAnotherOldGuy]

because people don't break so called laws where the so called penalty is death?

Well, they won't break the law twice.

Re: these botnet operators

[PopeRatzo]

Well, I expect you are now on a list of "violent crazies".

"Now"?

Re: these botnet operators

[Applehu+Akbar]

So you think you're important enough that you get to kill people who inconvenience you?

For this definition of 'inconvenience', actually yes.

Re:these botnet operators

[Applehu+Akbar]

"Lghten up. Let me guess, you're the kind of person that uses terms like "micro-aggression" and "cultural appropriation" and expects to be taken seriously."

For these people, I have a worse punishment than flogging. They should be required to parse their own sentences for live and may God have mercy on their souls.

Re:Another Windows Only Issue?

[khz6955]

Some Anonymous Coward: "All OS's are vulnerable to attack"

Except in this case it happens to be Microsoft Windows that's the prime vector to spreading the Ransom.DDOD.ware :)

"To pretend otherwise only shows your lack of intelligence."

Insert painfully ignorant ad hominem.

"Windows just happens to provide a larger target audience where phishing, e-mail attack vectors, and social engineering have a better chance of succeeding."

Illogical, the number of audiences has no bearing on the lack of security of the target machine.

"And I always find it amusing that any time a vulnerability is found in Windows the wanna be techies milk it for all it's worth in their daily prayers in hopes of converting the heretic windows users to the one and only OS god."

And I find it amusing to see someone hide behind an anonymous account to spout abuse in defense of their precious :)

Removal

[manu0601]

One can pay to get encrypted files back. But one still have the DDoS component. When will it be possible to pay for the malware being removed?