Ransom DDoS attack - need help!

Robban robban+nanog at netnerdz.se
Thu Dec 3 15:14:34 UTC 2015

This is my first mail to the list.
AFAIK, the DDoS is "only" a UDP-based one (or much of the attack); you should be able to mitigate
some to much of the damage caused by filled pipes by blocking incoming UDP traffic at your ISP level.

> * On Thu, Dec 03, 2015 at 03:15:04AM -0500, halp us <throwaway1958251 at gmail.com> wrote:
> > All,
> > 
> > I've been a NANOG member for many years but I'm emailing from an anonymous
> > account to reduce the chance of the attackers finding me.
> > 
> > A company that shall remain anonymous has received a ransom DDoS note from
> > a very well known group that has been in the news lately. Recently they've
> > threatened to carry out a major DDoS attack if they are not paid by a
> > deadline which is approaching. They've performed an attack of a smaller
> > magnitude to prove that they're serious.
> > 
> > Based on certain details that I can't reveal here, we believe the magnitude
> > of the upcoming attack may be in the several hundred Gbps.
> > 
> > I would really appreciate help in a few areas (primarily with certain
> > provider contacts/intros) so we can execute our strategy (which I can't
> > reveal here for obvious reasons). If you email me off-list with a
> > name/email that you've previously used on-list, I will reply from my real
> > email.
> > 
> > Alternatively, if you can post your experiences on-list with large scale
> > high profile ransom DDoS attacks, I'd really appreciate it!
> > 
> > Thanks

Robert Soderlund
