More ransomware gangs are attempting to use Distributed Denial of Service (DDoS) attacks against victims to bring down web services on top of encrypting files and locking computers as an effective means of pressuring the victim company to quickly pay the ransom. Suppose a victim tries to restore from local backups or does not attempt negotiation within a given period. In either of those cases, Avaddonwill launch a DDoS attack as an attempt to instill fear in the affected victims and not stop until payment is provided. This kind of secondary attack has also been seen from the SunCrypt and RagnarLocker ransomware gangs. This new tactic is a definite turn from other high tier ransomware gangs such as REvil, Netwalker, DopplePaymer, Egregor (Maze), and Ryuk. They primarily focus on data exfiltration to force the hand of victims by threatening to release stolen data.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in