Topic: DDOS for ransom (Read 4828 times)

Sorry, I don't store much logs because of people wanting to be anonymous. So they are probably already overwritten. The important thing is that the service was running again after only 48 hours from Saturday to Monday, while still being DDoS'd

Ridiculous.  Walletbit? 
I thought gambling sites were always the best targets for would-be DDOS extortion thugs.
 

A lot of little strategies, rather than one big obvious fix.  DDoS typically involves flooding of some type of traffic.  A simple DDoS might be a flood of TCP/IP open-a-new-connection packets, designed to confuse and overload OS kernel networking software.  Other DDoS's are simply a massive amount of valid traffic, i.e. sending HTTP requests to compute-intensive script on the web server, over and over again, hundreds of thousands of requests per second.

Each DDoS is different.  The traffic sources may come from different parts of the world, originate from different ISPs.  They may originate from a criminal DDoS black market, where armies of "zombie" machines may be rented by the hour to perform DDoS attacks.

One thing is certain, though:  there is very little economic reason to pay DDoS ransoms, as that simply serves as a clear economic signal that you are a mark, and can possibly be taken for even more money.  Paying ransoms encourages further DDoS.  Criminal parasites don't need your business to be profitable and sustainable.

Typically a business will take unspecified technical steps themselves, or hire a security firm or DDoS-proof hosting firm to do it for them.

Sometimes it is possible wait out a DDoS, but that's not realistic for most web businesses/services.  It could take weeks or months, as the cost of zombies is probably below the several-thousand-bitcoin payout that other thieves have seen in the bitcoin press headlines.

BitPay is back from their DDOS now. Any information on whether they paid their way out, and if so, how much?

How do people stop DDOS attacks anyway?  Is it like a separate box or proxy laid down in the chain of connected stuff that auto-ignores requests from any IP sending way too many requests at a much faster speed than the server could or something?

Prolexic has it covered...

We do not negotiate with DDOS attackers. Simple really.

This is true, even using botnets to mine its not worth the time. DDOS and identity theaft much more profitable.

CPU Mining is so worthless, even with a botnet of average PCs. You could make way more money by DDOSing or just stealing user info. There's already been Bitcoin mining botnets discovered.

Also, mining may slow the PCs down more which could potentially reveal to the user that they are infected or even drive them to get rid of the infection.

3 pages later, I bet this has been posted but tl;dr.  DDOS = a lot of PCs.  If they control them, couldn't they just use them all for mining instead of targeting them at a server for extortion?

Assassination Market

The first time some chronic DDoSer, whether an extortionist, "political activist" or idiot script kiddie is found slashed from his groin to his solar plexus, 90%+ of people who have ever launched even a single attack will go find a new hobby.  

Been saying this for 15+ years about malevolent hackers; while society itself seems inclined to give them a free pass, I think that the fact that despite huge leaps in technology, no group has ever taken on a serious criminal organisation speaks volumes about what their real level of confidence against reprisals is.  


Frank

Any chance you could publish a blacklist?

I just think it's such a shame, that you have to hide behind all sorts of protection, even when you run a descend business in which people depend on to put food on their table.


Thank you for bringing this to my attention. It seems I made the correct choice of building my own solution based on amazon ec2 implementation and applying custom firewall rules to prevent this DDoS.

My only regret is that I did not foresee the size of this attack as it caught me totally off guard.

mining pools were DDOS for ransom back in the day. they just moved to a host that provided DDOS protection.

No one should ever pay a DDOS ransom. Eventually you can quell the attack with multiple solutions. DDOS is unsustainable and is a US Felony.

Do they take bitcoin? 

CloudFlare is free (http://www.cloudflare.com/)

i doubt you can compete with that... 

Semi-serious. In the real world it is known as "advanced" policing or mafioso tactics ... take your pick.

Is this a serious proposal??

In real world this pattern is known as racketeering: put a shop on fire and then offer protection to the threatened owner. Do we really want Bitcoinland go that route?

Nope. Doesn't work for me.

EDIT: works now.