Ransom-based DDoS threat? Don’t pay.

RDDoS attacks are on the rise. Get immediate help with Cloudflare.
Ransomware attacks are on the rise again. And so are Ransom DDoS (RDDoS) attacks. Unlike ransomware attacks, RDDoS attacks do not even require the hacker to access an organization’s internal systems before it can be carried out — making any infrastructure exposed to the Internet vulerable to attack.
Extortion groups claiming to be Fancy Lazarus, Fancy Bear, Cozy Bear, the Lazarus Group, the Armada Collective or others are carrying out a DDoS attack and then following up with a ransom note demanding payment to stop the attack, or they may send the ransom note threatening a DDoS attack first.
In this video, Cloudflare’s CTO shares three steps to follow if you receive a ransom demand:

Contact Us

In submitting this form, you agree to receive information from Cloudflare related to our products, events, and special offers. You can unsubscribe from such messages at any time. We never sell your data, and we value your privacy choices. Please see our Privacy Policy for information.

Trusted by millions of Internet properties, across multiple industries, including:
Logo doordash trusted by gray
Logo garmin trusted by gray
Logo 23andme trusted by gray


1 GigaOm Radar for DDoS Protection v2.0, Sept 2022, Alastair Cooke. Access the report at https://www.cloudflare.com/gigaom-radar-ddos-protection/

2 Gartner “Solution Comparison for DDoS Cloud Scrubbing Centers,” Thomas Lintemuth, Patrick Hevesi, Sushil Aryal, 16 April 2020. Gartner subscribers access the report at: https://www.gartner.com/document/3983636

3 Forrester Wave™: DDoS Mitigation Solutions, Q1 2021, Forrester Research, Inc., March 3, 2021. Access the report at https://www.cloudflare.com/forrester-wave-ddos-mitigation-2021/