A ransom DDoS (RDDoS) is an extortion-driven attack vector, one of the threat models a thorough DDoS test is meant to prepare a target for. The operator either launches a flood and demands payment to stop it, or sends a ransom note threatening a crippling attack on a deadline unless a cryptocurrency payment arrives first. Some campaigns open with a short "demonstration" burst to prove capability, then escalate. The technical floods themselves are ordinary (volumetric, protocol, or L7), the distinguishing feature is the commercial coercion wrapped around them.
Why it matters in DDoS testing
The defensive question a ransom note forces is uncomfortable: if the threatened attack arrived right now, would the stack hold? Paying funds the next campaign and offers no guarantee, so the only durable answer is verified resilience. A test measures whether mitigation engages fast enough and whether the layer of first failure can absorb the threatened volume, turning an extortion deadline into a known, bounded risk instead of a panic decision.
For how to measure that resilience under load, see DDoS Resilience Testing.