Staring Down the Armada Collective

Lyndon Nerenberg lyndon at
Fri Dec 4 02:28:58 UTC 2015

Typically, businesses hide from admitting they've been hit by drive-by attacks like Armada is trying to pull off. It has been interesting to see the public reaction from the post-Protonmail targets, many of whom are being very visible about 1) admitting they have been hit by the attacks, and 2) making it very clear the Armada crew can f*** right off as far as collecting ransom is concerned. (Also, 3) the amazing support from customers who understand why we are working on putting up defences instead of just paying, and therefore put up with the inevitable downtime as we reconfigure sometimes large chunks of our networks.)

The money asked for was a pittance (around USD$6K) for the attacks I'm personally aware of.  The targeted were willing to spend far in excess of that to deploy the necessary wall of DDoS protection to keep their services running.  If they didn't have it there, already.

What does that say for the business model of the botnet handlers?  They can't up their ransom demands, because nobody is paying at the current rates.  And they can't lower them, for the same reason.  And if they change their targets to sites that might potentially pay a few hundred dollars at best, those sites will just shut down anyway.

Are we perhaps, finally, reaching the cusp where everyone has realized that if we all, collectively, tell the rodents to f*** off, they just might?

Happy Holidays!



More information about the NANOG mailing list