Ransomware attacks are on the rise again. And so are Ransom DDoS (RDDoS) attacks. Unlike ransomware attacks, RDDoS attacks do not even require the hacker to access an organization’s internal systems before it can be carried out — making any infrastructure exposed to the Internet vulerable to attack.

Extortion groups claiming to be Fancy Lazarus, Fancy Bear, Cozy Bear, the Lazarus Group, the Armada Collective or others are carrying out a DDoS attack and then following up with a ransom note demanding payment to stop the attack, or they may send the ransom note threatening a DDoS attack first.

In this video, Cloudflare’s CTO shares three steps to follow if you receive a ransom demand: