Ransom DDoS attack - need help!

alvin nanog nanogml at Mail.DDoS-Mitigator.net
Thu Dec 10 22:06:02 UTC 2015


On 12/10/15 at 11:07am, Joe Morgan wrote:
> These are the three e-mail addresses they have contacted me on so far.
> armada.collective at bk.ru
> melvin.webster2 at gmail.com
> luciennemcglynn30 at gmail.com

Ian> messages came from various bitmessage.ch addresses

# i wonder if they all have the same "X-Originating-IP" or the same
# X-Mailer sw which may imply the same script kiddie or the same 
# "group" sending the "i hope they pay up wish list emails"

Barry> I wonder how much of this is due to language difficulties.
Barry> Imagine if all your abuse messages and lots of this often informal
Barry> (and formal) documentation was in Chinese or Russian.

<flame suit on>
i've always thought, since the 80's and 90's that the computers
( PCs, servers, routers ) managed by non-english speaking folks
and non-computer-geeks ( we seem to call them sys admins and 
IT dept nowadays ) will be more susceptible to "take over"
by those that know how to hijack computers/routers w/o being noticed

given that every culture has their criminals ... there is a possibility
that the english speaking criminals are the ones using mis-configured
servers and routers for their benefit and purposes 

side note, some folks are trying to make $$ with viagra and other meds
but, notice that most of that viagra/meds spam is gone 

there is the email marketer nonsense ... probably the ones
controlling the zombie bots ( foreign PCs ) spewing out 25% of the 
world's emails

there are very specific attacks from old culture chinese, N koreans, 
russians and other notorious groups ... etc
that are after certain info ( they may not be after $$$ since its
all gov't $$$ to start with ) .. something to protect against 24x7x365

i'd also worry about the well-known anonymous groups that can actually
carry out the xxxGbps DDoS attacks and take out high profile targets
	- they should be sending out their emails from
	anonymous servers ... 
	- i doubt that google/yahoo could be considered "anonymous"
	( non-traceable ) vs throw away temp emails

the nuisance ransoms from script kiddies probably will not
be able to followup, but one did hopefully take preventative
measures spending time and $$$ ... i think they're the ones
asking ( demanding )  for $20 to not the more reasonable
$$$ per specific DDoS multi-national or large local businesses


locally, there seems to be a modified virus running around infecting 
small business PCs wiping out their silly quickbooks and emails 
contacts unless the small biz pay up $xx,000 within a couple of days

no warnings or demands by emails ... all automated which also implies
they might not be able to stop the virus even if the ransom was paid

# automated, virus controlled ransoms are a very bad thing
	removing the virus doesn't help .. since it'd already
	removed some or all of your email contacts and quickbooks

	hopefully they learned NOT to click on attachments

i donno why the biz's books are exposed to the world
and they don't have clean backups thus their panic to call
the local tv stations ..
( i say they hired a bad outsourced IT dept, but then again,
( some folks tend to be lazy and not listen to the IT dept

magic pixie dust
# DDoS-Mitigator.net
# Unix'ing since 1970's
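Checking whether a batch of ransom notes share an X-Originating-IP or X-Mailer, as suggested in the post above, is easy to script. The following is an added example, not code from anyone in this thread; the sample messages, sender names and addresses (RFC 5737 test ranges) are constructed, and the example also falls back to the earliest Received header when X-Originating-IP is absent.

```python
import email
import re
from collections import defaultdict
from email import policy

# Constructed sample ransom-note e-mails; every header value here is made up.
SAMPLES = [
    "From: a@mail.example\nX-Originating-IP: [203.0.113.7]\nX-Mailer: PHPMailer 5.2\n"
    "Received: from mx.example (mx.example [198.51.100.2])\n\nPay 20 BTC.\n",
    "From: b@mail.example\nX-Originating-IP: [203.0.113.7]\nX-Mailer: PHPMailer 5.2\n"
    "Received: from mx.example (mx.example [198.51.100.2])\n\nPay 20 BTC or else.\n",
    # No X-Originating-IP or X-Mailer: fall back to the earliest Received hop.
    "From: c@mail.example\nReceived: from relay (relay [198.51.100.9])\n"
    "Received: from host (host [192.0.2.44])\n\nLast warning.\n",
]

IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def fingerprint(raw):
    """Return (source IP, mailer) for one raw RFC 5322 message.

    Both headers are trivially forgeable, so this only groups notes that
    were probably sent by the same tooling; it does not attribute them.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    ip = None
    if msg["X-Originating-IP"]:
        m = IP_RE.search(msg["X-Originating-IP"])
        ip = m.group(1) if m else None
    if ip is None:
        # Each hop prepends a Received header, so the last one is the earliest hop.
        for hop in reversed(msg.get_all("Received") or []):
            m = IP_RE.search(hop)
            if m:
                ip = m.group(1)
                break
    mailer = (msg["X-Mailer"] or msg["User-Agent"] or "unknown").strip()
    return (ip or "unknown", mailer)


def cluster(raw_messages):
    """Group sender addresses by (IP, mailer) fingerprint."""
    groups = defaultdict(list)
    for raw in raw_messages:
        sender = email.message_from_string(raw, policy=policy.default)["From"]
        groups[fingerprint(raw)].append(str(sender))
    return dict(groups)
```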

More information about the NANOG mailing list