{ "id": "b2b37f7d-3d23-4f40-95b7-04f2ab998ea5", "created_at": "2026-04-06T00:16:36.9895Z", "updated_at": "2026-04-10T13:11:44.027128Z", "deleted_at": null, "sha1_hash": "982833a8c15e2d2bf746ce8bff61f727a5be99ba", "title": "Another ransomware now uses DDoS attacks to force victims to pay", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2172303, "plain_text": "Another ransomware now uses DDoS attacks to force victims to pay\r\nBy Lawrence Abrams\r\nPublished: 2021-01-24 · Archived: 2026-04-05 13:25:28 UTC\r\nAnother ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.\r\nIn October 2020, we reported that ransomware gangs were beginning to utilize DDoS attacks against a victims' network or\r\nweb site as an extra tool to force them to pay a ransom. At the time, the two operations using this new tactic were SunCrypt\r\nand RagnarLocker.\r\nA distributed denial of service (DDoS) attack is when a threat actor floods a website or a network connection with more\r\nrequests than it can handle, making the service inaccessible.\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nWhen a company suffers a ransomware attack, many victims restore from backups and do not bother contacting the\r\nattackers.\r\nThe Avaddon ransomware gang now uses DDoS attacks to take down a victim's site or network until the victim contacts\r\nthem and begins negotiating.\r\n\"Also, their site is currently under DDoS Attack, we will attack it until they contact us,\" Avaddon stated on their\r\nransomware data leak site.\r\nAvaddon data leak site\r\nFor one of the victims that Avaddon is currently performing a DDoS attack, you can see that the website is no longer\r\naccessible.\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/\r\nPage 3 of 5\n\nAvaddon performing a DDoS attack\r\nEmsisoft threat analyst Brett Callow, who shared this development with BleepingComputer, \r\n\"It’s not at all surprising to see threat actors combining ransomware and DDoS attacks: DDoS is cheap, easy and in some\r\ncases may help convince some companies that speedy payment is the least painful option. The more pressure the criminals\r\ncan put companies under, the better their chances of extracting payment,\" Callow told BleepingComputer via email.\r\nWhen Maze introduced a double-extortion strategy, other ransomware gangs quickly adopted the method. It is too soon to\r\ntell if threat actors will adopt DDoS attacks similarly.\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/\r\nhttps://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay/" ], "report_names": [ "another-ransomware-now-uses-ddos-attacks-to-force-victims-to-pay" ], "threat_actors": [], "ts_created_at": 1775434596, "ts_updated_at": 1775826704, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/982833a8c15e2d2bf746ce8bff61f727a5be99ba.pdf", "text": "https://archive.orkl.eu/982833a8c15e2d2bf746ce8bff61f727a5be99ba.txt", "img": "https://archive.orkl.eu/982833a8c15e2d2bf746ce8bff61f727a5be99ba.jpg" } }