Ransom DDoS attack - need help!

Ian Clark ian.clark at dreamhost.com
Thu Dec 10 17:07:11 UTC 2015


FWIW the exact same thing (identical initial ransom email) happened to us
two weeks ago.  The "2 day" message was received on December 3rd.  The
group claiming responsibility has yet to follow through.

The messages came from various bitmessage.ch addresses.

On Wed, Dec 9, 2015 at 10:21 PM, Joe Morgan <joe at joesdatacenter.com> wrote:

> Just an update for those following. We have custom in-house software that
> watches the traffic flows from our edge routers and automatically
> blackholes any IP getting targeted. The blackhole gets sent upstream which
> is what we did to maintain the network for our customers during the first
> attack. We did not suffer any network outage because of the attacks other
> than our public facing website which honestly is not critical. Since we
> submitted this thread originally we have gotten two responses from "Armada
> Collective". One basically a reminder telling us we had 24 hours left to
> pay. The next came tonight as they were supposed to be hitting us.  The
> second response said they were supposed to be hitting us but decided to
> give us two more days to get the cash into bitcoin. As of right now we have
> not replied to them and have no plans to do so. We never had plans to
> respond or pay them, although telling them what's on my mind sounds
> appealing. We have contacted the FBI and are working with them providing
> info. As for protecting our network from future attacks we put all public
> facing web sites behind Cloudflare and changed the IPs from what they were.
> We left the old IPs nulled at our edge and with our providers. We plan to
> null any IP they decide to hit and wait it out. As of right now all
> they have done is take our website offline briefly so not much of a
> problem as it has not caused our customers issues. Thanks for all the help
> and info that has been provided and we plan to update this thread as things
> unfold. I know there are others that have had similar demands (several have
> reached out off list.) so hopefully the info is useful.
>
> --
> Thank You,
> Joe Morgan - Owner
> Joe's Datacenter, LLC
> http://joesdatacenter.com
> 816-726-7615
>



-- 
Ian Clark
Lead Network Engineer
DreamHost
m: 818.795.2216
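
Added example, not part of either message and not the in-house software Joe Morgan describes: one way to flag a destination IP under flood from sampled edge-router flow records and turn it into a /32 blackhole announcement for upstream. The thresholds, window, record layout and addresses (documentation ranges) are assumptions; 65535:666 is the RFC 7999 BLACKHOLE community, and an upstream may require its own value instead.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values, not taken from the thread; tune to the network's baseline.
WINDOW_SECONDS = 10
PPS_THRESHOLD = 50_000            # packets/sec toward a single destination
BPS_THRESHOLD = 400_000_000       # bits/sec toward a single destination
PROTECTED = [ip_network("198.51.100.0/24")]      # our own space (documentation range)
NEVER_BLACKHOLE = {ip_address("198.51.100.53")}  # hosts that need a human decision
BLACKHOLE_COMMUNITY = "65535:666"                # RFC 7999 BLACKHOLE

def find_targets(flows, sampling_rate=1):
    """flows: (timestamp, dst_ip, packets, bytes) tuples from flow export.
    Returns {dst: (peak_pps, peak_bps)} for destinations over either threshold."""
    buckets = defaultdict(lambda: [0, 0])
    for ts, dst, pkts, byts in flows:
        dst = ip_address(dst)
        if not any(dst in net for net in PROTECTED):
            continue  # never originate a blackhole for space that is not ours
        bucket = buckets[(int(ts) // WINDOW_SECONDS, dst)]
        bucket[0] += pkts * sampling_rate   # scale sampled counts back up
        bucket[1] += byts * sampling_rate
    targets = {}
    for (_, dst), (pkts, byts) in buckets.items():
        pps, bps = pkts / WINDOW_SECONDS, byts * 8 / WINDOW_SECONDS
        if pps >= PPS_THRESHOLD or bps >= BPS_THRESHOLD:
            old = targets.get(dst, (0, 0))
            targets[dst] = (max(old[0], pps), max(old[1], bps))
    return targets

def blackhole_routes(targets):
    """Host routes to announce upstream; allow-listed hosts are skipped."""
    return [
        {"prefix": f"{dst}/32", "community": BLACKHOLE_COMMUNITY, "pps": int(pps)}
        for dst, (pps, _) in sorted(targets.items())
        if dst not in NEVER_BLACKHOLE
    ]

# Constructed sample: 1-in-1000 sampled flow records covering one 10 s window.
SAMPLE_FLOWS = (
    [(1000 + i % 10, "198.51.100.80", 10, 600) for i in range(80)]    # flood at web host
    + [(1000 + i % 10, "198.51.100.25", 2, 1500) for i in range(50)]  # ordinary mail load
    + [(1000 + i % 10, "203.0.113.9", 10, 600) for i in range(80)]    # not our space
)

if __name__ == "__main__":
    for route in blackhole_routes(find_targets(SAMPLE_FLOWS, sampling_rate=1000)):
        print(route)
```

The allow-list matters because a blackhole completes the denial of service for the targeted address; it only protects everything else sharing the links.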


