Ransomware groups are now using DDoS attacks as a negotiation tactic to increase pressure on victims who do not cooperate in paying the ransom. This "Triple Extortion" strategy has recently been used by ransomware operators SunCrypt, RagnarLocker, and Avaddon.

In this tactic, after encrypting the files on the victim's network, the attacker will flood the victim's website or network connection with large requests. The attacker will then post a message on the victim’s website claiming that they will continue the DDoS attack until the victim makes contact or pays the ransom. This type of attack tactic is called Ransom DDoS (or RDDoS).


  • The ransomware encrypts a wide range of file types including images, videos, spreadsheets, documents, audio files, databases and archives.
  •  The attacker also encrypts important data and renames the infected file with the .avdn extension.
  •  The ransomware can spread via various infection vectors such as corrupted advertisements, spam emails, fake social media posts/pages, or fraudulent software updates.


  • Take a proactive approach in making frequent backups of important data offsite.
  • Use strong and different passwords for every server.
  • Frequent update of operating system, applications and every network device.
  • Provide security awareness training to all employees and end users on how to identify phishing emails.