Cloudflare is reaching out because of the recent resurgence in ransom-driven DDoS threats that are targeting organizations of all sizes.

Please know that if your organization is ever threatened with a ransom DDoS attack, we stand ready to help.

What is a ransom-DDoS attack? 
ransom DDoS (RDDoS) attack is when a malicious party attempts to extort money from an individual or organization by threatening them with a distributed denial-of-service (DDoS) attack.

Most ransom DDoS attacks start with a ransom note sent to the target in which the attacker threatens the business or organization. In some cases, an attacker may carry out a small demonstration attack to illustrate their seriousness before sending a ransom note.

What to do if you receive a threat?

  1. Do not panic and do not pay the ransom: Paying the ransom only encourages bad actors — and there’s no guarantee that they won’t attack your network now or later.
  2. Notify local law enforcement: They will also likely request a copy of the ransom letter that you received.

How can you prepare now for this threat?

  1. Enable Under Attack Mode during an active DDoS attack: All Internet properties proxied by Cloudflare are already protected against DDoS attacks of any size and kind. The Under Attack Mode performs additional security checks to help mitigate Layer 7 DDoS attacks. Validated users access your website and suspicious traffic is blocked. Learn how to enable the Under Attack Mode here.
  2. Enable DDoS protection for network infrastructure: If your organization’s network infrastructure (Layer 3/4) is exposed to the Internet, consider adopting Cloudflare Magic Transit to extend the Cloudflare protection you get for your web assets to your entire IP infrastructure.
  3. Enable DDoS alerts: If you are on a Cloudflare paid plan, you can be notified immediately in the case of an attack on your Cloudflare protected Internet-property. Click here to enable DDoS alerts from your dashboard.
  4. Review our support docs: Learn best practices to secure your Cloudflare-enabled site and review how to respond to ransom notes threatening a DDoS attack here.