Ransom DDoS attack - need help!

Chris Baker cbaker at dyn.com
Thu Dec 3 15:11:27 UTC 2015 

OSINT has a plethora of detail available:

http://www.reuters.com/article/2015/11/30/greece-banks-idUSL8N13P5B420151130
http://www.ibtimes.co.uk/armada-collective-who-are-hackers-extorting-bitcoin-ransoms-what-can-we-do-1528253
http://www.bloomberg.com/news/articles/2015-09-09/bitcoin-ddos-ransom-demands-raise-dd4bc-profile

On Thu, Dec 3, 2015 at 10:04 AM, Josh Reynolds <josh at kyneticwifi.com> wrote:

> None of those names you just mentioned have made the international news.
> On Dec 3, 2015 8:59 AM, "Chris Baker" <cbaker at dyn.com> wrote:
>
>> Can you provide some additional details? Is it someone claiming
>> association with a known group like DD4BC or the Armada Collective or
>> unbranded?
>>
>> Cheers,
>> CBaker
>>
>>
>> On Thu, Dec 3, 2015 at 9:54 AM, Josh Reynolds <josh at kyneticwifi.com>
>> wrote:
>>
>>> Sounds like lizardSquad may be at it again
>>> On Dec 3, 2015 8:53 AM, "halp us" <throwaway1958251 at gmail.com> wrote:
>>>
>>> > All,
>>> >
>>> > I've been a NANOG member for many years but I'm emailing from an
>>> anonymous
>>> > account to reduce the chance of the attackers finding me.
>>> >
>>> > A company that shall remain anonymous has received a ransom DDoS note
>>> from
>>> > a very well known group that has been in the news lately. Recently
>>> they've
>>> > threatened to carry out a major DDoS attack if they are not paid by a
>>> > deadline which is approaching. They've performed an attack of a smaller
>>> > magnitude to prove that they're serious.
>>> >
>>> > Based on certain details that I can't reveal here, we believe the
>>> magnitude
>>> > of the upcoming attack may be in the several hundred Gbps.
>>> >
>>> > I would really appreciate help in a few areas (primarily with certain
>>> > provider contacts/intros) so we can execute our strategy (which I can't
>>> > reveal here for obvious reasons). If you email me off-list with a
>>> > name/email that you've previously used on-list, I will reply from my
>>> real
>>> > email.
>>> >
>>> > Alternatively, if you can post your experiences on-list with large
>>> scale
>>> > high profile ransom DDoS attacks, I'd really appreciate it!
>>> >
>>> > Thanks
>>> >
>>>
>>
>>

More information about the NANOG mailing list