Ransomware Adds DDoS Attacks To Annoy More People

An anonymous reader writes: Ransomware developers have found another method of monetizing their operations by adding a DDoS component to their malicious payloads. So instead of just encrypting your files and locking your screen, new ransomware versions seen this week also started adding a DDoS bot that quietly blasts spoofed network traffic at various IPs on the Internet.
Softpedia points out that "Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years."

these botnet operators

[FudRucker]

need to be hunted down and killed, and quickly too, do it enough and soon the rest of them will quit because it is not worth it anymore

Re:

[PopeRatzo]

because people don't break so called laws where the so called penalty is death?

Killing ransomware and botnet operators would not be done in order to reduce their activities. It would be done because it would be so damn satisfying.

Sometimes, that's enough.

Re:

[PopeRatzo]

Should I assume you also want to deprive someone of their life when the stoplight turns green and the car in front of you doesn't immediately accelerate?

No, those people should just be flogged. I'm thinking 20 hard lashes.

Re:

[gweihir]

Well, I expect you are now on a list of "violent crazies".

Re:

[PopeRatzo]

Well, I expect you are now on a list of "violent crazies".

"Now"?

Re:

[JustAnotherOldGuy]

No, those people should just be flogged. I'm thinking 20 hard lashes.

Agreed. And make it 40 if it's during rush hour.

Re:

[Applehu Akbar]

So you think you're important enough that you get to kill people who inconvenience you?

For this definition of 'inconvenience', actually yes.

Re:

[gweihir]

It would be done because it would be so damn satisfying.

Sometimes, that's enough.

If you are an immoral cave-man then yes. If you actually qualify as a modern human being, then no. Or to put it otherwise: You are a problem.

Re:

[JustAnotherOldGuy]

If you are an immoral cave-man then yes. If you actually qualify as a modern human being, then no. Or to put it otherwise: You are a problem.

Lighten up. Let me guess, you're the kind of person that uses terms like "micro-aggression" and "cultural appropriation" and expects to be taken seriously.

Re:

[Applehu Akbar]

"Lghten up. Let me guess, you're the kind of person that uses terms like "micro-aggression" and "cultural appropriation" and expects to be taken seriously."

For these people, I have a worse punishment than flogging. They should be required to parse their own sentences for live and may God have mercy on their souls.

Re:

[PopeRatzo]

If you are an immoral cave-man then yes. If you actually qualify as a modern human being, then no. Or to put it otherwise: You are a problem.

You SJWs are really something.

Re:

[JustAnotherOldGuy]

because people don't break so called laws where the so called penalty is death?

Well, they won't break the law twice.

Re:

[JustAnotherOldGuy]

need to be hunted down and killed, and quickly too, do it enough and soon the rest of them will quit because it is not worth it anymore

I'd like to get a Kickstarter campaign going for this. Call it the "Botnet Operator Death Squad". I'd donate.

Re:

[gweihir]

The problem here is knowing who does it. When you know that, more sane measures (a year or two in prison and having to pay for the damage done in full) is entirely sufficient, no need to be a cave-man. Of course, as all resources are currently tied up in "The War on Terror", "The War on Drugs", and some other wars against mostly imaginary problems and problems that cannot be solved by a "War", DDoS attackers, being a real problem, have to take the back-seat and will likely not be identified anytime soon.

Wha

Wont DDoS interfere with victims ability to pay?

[JoeyRox]

How will they be able to submit their online ransomware payment if their network is clogged from a DDoS?

Re:

[khz6955]

Some Anonymous Coward: "All OS's are vulnerable to attack"

Except in this case it happens to be Microsoft Windows that's the prime vector to spreading the Ransom.DDOD.ware :)

"To pretend otherwise only shows your lack of intelligence."

Insert painfully ignorant ad hominem.

"Windows just happens to provide a larger target audience where phishing, e-mail attack vectors, and social engineering have a better chance of succeeding."

Illogical, the number of audiences has no bearing on the lack of securi

Blame the incompetent ISPs

[quarkoid]

Spoofed DDOS attacks wouldn't be a problem if the users' ISPs implemented source address filtering.

Come to think of it, an awful lot of the Internet's problems would be resolved by ISPs implementing source address filtering.

Re:

[gweihir]

Indeed. And this has been known for more than a decade. But I expect nothing will happen until ISPs become liable for damage done if they do not implement source address filtering.

Re:

[Agripa]

Nothing will happen because they are busy installing metering so they can fine users for excessive data transfers. As a bonus, the ISP gets paid for the DDOS packets as well.

Re:

[gweihir]

AFAIK, they do not. ISPs pay for upstream data and less and less of that. For downstream, they only pay bandwidth, as they do not control that.

Re:

[Agripa]

What I mean is that the ISP's metering records outgoing and *incoming* packets whether solicited or not. So for every 50GB of UDP traffic someone sends you which you cannot block, you have to pay AT&T $10.

Removal

[manu0601]

One can pay to get encrypted files back. But one still have the DDoS component. When will it be possible to pay for the malware being removed?