DDoS attack with blackmail

William Herrin bill at herrin.us
Thu May 20 23:07:53 UTC 2021

On Thu, May 20, 2021 at 12:28 PM Baldur Norddahl
<baldur.norddahl at gmail.com> wrote:
> We got attacked by a group that calls themselves "Fancy Lazarus". They want payment in BC to not attack us again. The attack was a volume attack to our DNS and URL fetch from our webserver.
> I am interested in any experience in fighting back against these guys.

If you announce your addresses with BGP then your first two calls
should be to a DDOS mitigator and the FBI. You can reclaim your
routing from the DDOS mitigator after the group gives up but should
keep the relationship with the mitigator so you can more quickly
activate it next time.

If you don't do BGP, substitute your ISP for the DDOS mitigator and
hope they're among the clueful. Call the FBI either way.

There's nothing super fancy about a DDOS mitigator. They take over
your BGP, bringing packets to them first instead of to you. They have
big enough connections to sink whatever packets the attacker sends
their way. They filter this data and then allow just the legitimate
packets to make their way over a VPN back to you.

Bill Herrin

William Herrin
bill at herrin.us
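A worked illustration of the diversion Bill describes, added here as an example and not part of the original thread: a toy model of the BGP decision that makes the mitigator's announcement win (longest prefix match, so the mitigator's /24s beat the customer's own /22), plus the check a customer would want after activation, namely that every piece of their aggregate is now originated by the mitigator and not by some third party. All ASNs (64500 customer, 64510 mitigator, 64496/64497 their transits), prefixes and looking-glass lines are constructed for the example; the `via ... as_path ...` line format is a simplification, not any particular vendor's output.

```python
"""
Added example, not from the original thread: a toy model of the BGP
diversion a DDoS mitigator performs, plus a check that the diversion is
actually in effect. All prefixes, ASNs and looking-glass lines are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed identifiers (private-use ASNs, documentation address space).
CUSTOMER_ASN = 64500
MITIGATOR_ASN = 64510
CUSTOMER_AGGREGATE = ipaddress.ip_network("203.0.112.0/22")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    as_path: tuple  # leftmost = nearest AS, rightmost = origin

    @property
    def origin_asn(self):
        return self.as_path[-1]


def parse_routes(text):
    """Parse constructed looking-glass lines of the form
    '<prefix> via <next_hop> as_path <asn> <asn> ...'."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[1] != "via" or tok[3] != "as_path":
            continue  # skip headers / malformed lines
        routes.append(Route(ipaddress.ip_network(tok[0]), tok[2],
                            tuple(int(a) for a in tok[4:])))
    return routes


def best_route(dst, rib):
    """Simplified BGP decision: longest prefix match wins, then shortest
    AS path. This is why a mitigator announces more-specifics: a /24
    beats the customer's own /22 regardless of path length."""
    dst = ipaddress.ip_address(dst)
    covering = [r for r in rib if dst in r.prefix]
    if not covering:
        return None
    return max(covering, key=lambda r: (r.prefix.prefixlen, -len(r.as_path)))


def diversion_status(rib, aggregate=CUSTOMER_AGGREGATE,
                     own_asn=CUSTOMER_ASN, mitigator_asn=MITIGATOR_ASN):
    """Classify every /24 of the aggregate by who currently originates the
    best route for it: the customer, the mitigator, or some third party
    (which would be a hijack, not mitigation)."""
    status = {"own": [], "diverted": [], "unexpected": []}
    for sub in aggregate.subnets(new_prefix=24):
        best = best_route(sub.network_address, rib)
        if best is None:
            status["unexpected"].append((str(sub), None))
        elif best.origin_asn == mitigator_asn:
            status["diverted"].append(str(sub))
        elif best.origin_asn == own_asn:
            status["own"].append(str(sub))
        else:
            status["unexpected"].append((str(sub), best.origin_asn))
    return status


# Constructed looking-glass snapshots as seen from a distant AS
# (64496 is the customer's transit, 64497 the mitigator's).
BEFORE = """
203.0.112.0/22 via 192.0.2.9 as_path 64496 64500
"""
AFTER = """
203.0.112.0/22 via 192.0.2.9 as_path 64496 64500
203.0.112.0/24 via 192.0.2.13 as_path 64497 64510
203.0.113.0/24 via 192.0.2.13 as_path 64497 64510
203.0.114.0/24 via 192.0.2.13 as_path 64497 64510
203.0.115.0/24 via 192.0.2.13 as_path 64497 64510
"""

if __name__ == "__main__":
    for label, snap in (("before", BEFORE), ("after", AFTER)):
        rib = parse_routes(snap)
        print(label, "origin for 203.0.113.10 =",
              best_route("203.0.113.10", rib).origin_asn, diversion_status(rib))
```

The model covers only the inbound half of the arrangement; the return path Bill mentions (clean traffic tunnelled back to the customer) is a separate tunnel and BGP session between mitigator and customer and is not represented here. The "unexpected" bucket is the useful part of the check: a more-specific originated by an ASN that is neither you nor your mitigator means someone else is attracting your traffic, which is a problem to raise with your transit provider regardless of the DDoS.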

