The number of ransomware DDoS attacks has dropped significantly

According to statistics from Cloudflare, in the first quarter of 2022, the number of ransomware DDoS attacks (so-called RDDoS) decreased to 3% of the total. Back in December 2021, such attacks accounted for 28% of all incidents.

RDDoS attacks, in fact, are ordinary DDoS, when hackers send huge traffic flows to the services of the victim company, which leads to their shutdown. But, unlike conventional attacks, in this case, the attackers demand a ransom to stop the attack. The fact is that hackers have long ago discovered that for many companies, a disruption in operation can be a strong stimulus to pay a ransom, especially if the downtime is associated with significant financial losses.

Such ransomware DDoS attacks have plummeted in 2022, according to Cloudflare, with only 17% of Cloudflare customers reporting ransomware in January, 6% in February, and just 3% in March.

The current figure is 28% less than last year and 52% less than in the last quarter of 2021, when the number of ransomware DDoS attacks was up to 28% per month. Interestingly, the reason for such a sharp drop remains unclear at the moment.

In other Q1 2022 trends, Cloudflare is reporting a notable increase in application-level DDoS attacks, up 164% year-on-year. The most notable trends in this area were a 5086% increase in application-layer attacks targeting the consumer electronics sector, as well as a 2131% increase in attacks on Internet media compared to the previous quarter.

As another emerging trend, analysts call the growth of reflected and enhanced attacks, including the use of new techniques, which were recently reported. For example, Cloudflare’s report describes a real-world use case for this tactic when the Lantronix Discovery Protocol was used on a large number of IoT devices. The attackers used 4-byte requests to public Lantronix devices and received a 30-byte response, thereby obtaining a gain of 7.5.

Let me remind you that we talked about the fact that Microsoft has recorded a record DDoS attack, with a capacity of 3.47 Tb/s, and also, for example, that DDoS attacks on Andorra turned out to be related to the Squid Game Minecraft tournament.