Ransom DDoS attacks target a Fortune Global 500 company

In late 2020, a major Fortune Global 500 company was targeted by a Ransom DDoS (RDDoS) attack by a group claiming to be the Lazarus Group. The company was protected by Cloudflare's Magic Transit service which mitigated the threat. This incident is part of wider ransom campaigns that have been unfolding throughout the year, targeting thousands of organizations around the world. Extortionists are threatening organizations with crippling DDoS attacks if they do not pay a ransom. Throughout 2020, Cloudflare onboarded and protected many organizations with Magic Transit, its DDoS protection service for critical network infrastructure, the WAF service for HTTP applications, and the Spectrum service for TCP/UDP based applications -- ensuring their business’s availability and continuity. The company's experience highlights the importance of having an automated always-on DDoS protection service, working with vendors to build and understand a threat model, and creating a contingency plan and educating employees on what to do if they receive a ransom email.