RDDoS a More Prevalent Threat to Organizations Than Ransomware

Seven in ten RDDoS victims have been targeted multiple times in the last year, compared with 57% of ransomware targets.

August 16, 2021

4 Min Read


RESTON, VA – August 12, 2021 – Over two-fifths (44%) of organizations have been the target or victim of a ransom-related distributed denial of service (RDDoS) attack in the last 12 months, according to new research from the Neustar International Security Council (NISC). During the same period, fewer organizations (41%) reported being on the receiving end of a ransomware attack.

Of the organizations hit by RDDoS in the last year, 70% said they had been targeted multiple times, with 36% opting to pay the ransom. In comparison, more than half (57%) of ransomware victims reported being targeted more than once, with more than a third (36%) choosing to pay out.

Earlier this year, Neustar, Inc., a global information services and technology company and leader in identity resolution, highlighted a rise in RDDoS attacks in its Cyber Threats and Trends: Pandemic Style report. Informed by data from Neustar’s Security Operations Center (SOC), the report revealed a surge in the frequency, persistence and sophistication of RDDoS threats. Attackers are also broadening their targets.

While RDDoS threats are not new for many online industries, attackers have increasingly turned their attention to a wider variety of sectors including financial services, government, and telecoms. The perpetrators of these attacks are also increasingly aligned with powerful nation state hacking groups – or claiming to be. In late 2020, a major Fortune Global 500 company was targeted by hackers claiming to be North Korean state-backed Lazarus Group, and in a larger wave of DDoS extortion campaigns this June, attackers claimed to be from either Lazarus Group or Russian state-backed Fancy Bear. In each case, the businesses received extortion emails demanding Bitcoin payment.

“Rather than spending a lot of time and careful planning on infecting an organization’s network with malware or ransomware, cyber criminals are taking an easier approach and using DDoS as a ransom vector,” said Rodney Joffe, Chairman of NISC, SVP and Fellow, Neustar. “For bad actors, launching a DDoS attack is relatively simple and also has the added benefit of being harder to trace back to its origin.”

Despite having now been around for a while, just a quarter (24%) of cyber security professionals reported feeling ‘very confident’ in their organization’s knowledge of how to respond to an RDDoS attack.

According to Joffe, paying a ransom should be avoided at all costs: “It’s common for organizations to feel pressure to pay to get their website back up and running and avoid disruption. However, with attackers targeting the same company multiple times, paying the ransom only makes it more likely that you will fall victim again. Instead, businesses must take an ‘always on’ approach to DDoS security, ensuring that their site remains protected even in the event of an attack.”

During May – June 2021, security professionals perceived ransomware (70%), DDoS (68%), and targeted hacking (66%), as the most increasing threats to their organization.



The International Cyber Benchmarks Index is based on a bimonthly online survey of security professionals, conducted by Harris Interactive on behalf of NISC. Participants in the July 2021 survey comprise 313 professionals from across six EMEA and US markets. All are in senior positions within their organizations and able to provide informed opinions about cybersecurity issues, including how these are impacting their enterprise and the wider business community.

The International Cyber Benchmarks Index figure is calculated using a number of the survey questions that are repeated in every survey and tracked over time. An initial figure is taken from the percentage of enterprises that say notable recent cyber events have directly affected the way they protect their business. This figure is multiplied by the average “net increase” percentages from across three separate questions, reflecting (1) the change in the level of threat, (2) the change in the level of attack and (3) the change in the threat landscape. This figure is then multiplied by the percentage of enterprises that have ever been on the receiving end of a DDoS attack. The maximum (theoretical) potential index score is 100.

About the Neustar International Security Council (NISC)

The Neustar International Security Council is an elite group of select cybersecurity leaders across key industries and companies. Through face-to-face events including an annual summit, quarterly thought-leadership seminars and regional roundtables, members learn and share the latest trends from leading experts and peers. For more information: https://www.nisc.neustar/.

About Neustar

Neustar is an information services and technology company and a leader in identity resolution providing the data and technology that enables trusted connections between companies and people at the moments that matter most. Neustar offers industry-leading solutions in Marketing, Risk, Communications, and Security that responsibly connect data on people, devices, and locations, continuously corroborated through billions of transactions. Neustar serves more than 8,000 clients worldwide, including 60 of the Fortune 100. Learn how your company can benefit from the power of trusted connections here: https://www.home.neustar.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights