Ransom DDoS attack - need help!
nanogml at Mail.DDoS-Mitigator.net
Thu Dec 10 22:06:02 UTC 2015
On 12/10/15 at 11:07am, Joe Morgan wrote:
> These are the three e-mail addresses they have contacted me on so far.
> armada.collective at bk.ru
> melvin.webster2 at gmail.com
> luciennemcglynn30 at gmail.com
Ian> messages came from various bitmessage.ch addresses
# i wonder if they all have the same "X-Originating-IP" or the same
# X-Mailer sw which may imply the same script kiddie or the same
# "group" sending the "i hope they pay up wish list emails"
Barry> I wonder how much of this is due to language difficulties.
Barry> Imagine if all your abuse messages and lots of this often informal
Barry> (and formal) documentation was in Chinese or Russian.
<flame suit on>
i've always thought, since the 80's and 90's that the computers
( PCs, servers, routers ) managed by non-english speaking folks
and non-computer-geeks ( we seem to call them sys admins and
IT dept nowadays ) will be more susceptible to "take over"
by those that know how to hijack computers/routers w/o being noticed
given that every culture has their criminals ... there is a possibility
that the english speaking criminals are the ones using mis-configured
servers and routers for their benefit and purposes
side note, some folks are trying to make $$ with viagra and other meds
but, notice that most of that viagra/meds spam is gone
there are the email marketer non-nonsense ... probably the ones
controlling the zombie bots ( foreign PCs ) spewing out 25% of the
there are very specific attacks from old culture chinese, N koreans,
russians and other notorious groups ... etc
that are after certain info ( they may not be after $$$ since its
all gov't $$$ to start with ) .. something to protect against 24x7x365
i'd also worry about the well-known anonymous groups that can actually
carry out the xxxGbps DDoS attacks and take out high profile targets
- they should be sending out their emails from
anonymous servers ...
- i doubt that google/yahoo could be considered "anonymous"
( non-traceable ) vs throw away temp emails
the nuisance ransoms from script kiddies probably will not
be able to followup, but one did hopefully take preventative
measures spending time and $$$ ... i think they're the ones
asking ( demanding ) for $20 to not the more reasonable
$$$ per specific DDoS multi-national or large local businesses
locally, there seems to be a modified virus running around infecting
small business PCs wiping out their silly quickbooks and emails
contacts unless the small biz pay up $xx,000 within couple days
no warnings or demands by emails ... all automated which also implies
they might not be able to stop the virus even if the ransom was paid
# automated, virus controlled ransoms are a very bad thing
removing the virus doesn't help .. since it'd already
removed some or all of your email contacts and quickbooks
hopefully they learned NOT to click on attachments
i donno why the biz's books is exposed to the world
and they don't have clean backups thus their panic to call
the local tv stations ..
( i say they hired a bad outsourced IT dept, but then again,
( some folks tend to be lazy and not listen to the IT dept
magic pixie dust
# Unix'ing since 1970's
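
The header comparison suggested in the message above (same X-Originating-IP or same X-Mailer across the demand e-mails), as an added example that is not part of the original post. The sample messages, addresses, IPs and the function names `fingerprint` and `cluster` are constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string

# Constructed sample messages (not real ransom mail); IPs are documentation ranges.
SAMPLES = [
    "From: a@example.com\nX-Originating-IP: [192.0.2.10]\nX-Mailer: ExampleMailer 1.0\n\nbody\n",
    "From: b@example.net\nX-Originating-IP: [198.51.100.7]\nX-Mailer: examplemailer 1.0\n\nbody\n",
    "From: c@example.org\nX-Originating-IP: 198.51.100.7\n\nbody\n",
    "From: d@example.com\nSubject: no client headers at all\n\nbody\n",
]

def fingerprint(raw):
    """Return (originating_ip, mailer) for one raw message, None where absent."""
    msg = message_from_string(raw)
    ip = (msg.get("X-Originating-IP") or "").strip().strip("[]") or None
    mailer = (msg.get("X-Mailer") or "").strip().lower() or None
    return ip, mailer

def cluster(raw_messages):
    """Group message indexes that share an originating IP or a mailer string."""
    parent = list(range(len(raw_messages)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    first_seen = {}  # ("ip"|"mailer", value) -> index of first message with it
    for i, raw in enumerate(raw_messages):
        ip, mailer = fingerprint(raw)
        for key in (("ip", ip), ("mailer", mailer)):
            if key[1] is None:
                continue  # both headers are optional; absence links nothing
            if key in first_seen:
                parent[find(i)] = find(first_seen[key])
            else:
                first_seen[key] = i

    groups = defaultdict(list)
    for i in range(len(raw_messages)):
        groups[find(i)].append(i)
    return sorted(groups.values())

if __name__ == "__main__":
    # Both headers are set by the sending client and can be forged, so a
    # shared value is a lead to follow up, not proof of a common sender.
    for members in cluster(SAMPLES):
        print(members, [fingerprint(SAMPLES[i]) for i in members])
```
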
More information about the NANOG