Redirecting to the Daisy Partner Business site...
We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. Clicking continue will proceed with all cookies and remember your preferences for future visits.
Accept and continue to site
Configure your cookie options

Our use of cookies

We use necessary cookies to make our site work. We'd also like to set optional analytics cookies to help us improve it. These optional cookies can be turned on and off below. Using this tool will set a cookie on your device to remember your preferences.

For more detailed information about the cookies we use, see our Privacy & Cookies Policy.

Necessary cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytics Cookies

We'd like to set Analytics cookies to help us to improve our website by collecting and reporting information on how you use it. The cookies collect information in a way that does not directly identify anyone. For more information on how these cookies work, please see our Privacy & Cookies Policy.

Save & Close

DDoS Ransom Note and How To Handle Them

One of the most common motivations for a DDoS attack is extortion, where an attacker threatens to take down a site unless the victim pays, typically in the form of a Bitcoin transaction.

Unfortunately, these types of extortion attempts are increasing in both intensity and volume. In recent years, a hacking group called ‘Lizard Squad’ has been responsible for sending demands to a number of high-profile companies, including Sony and Instagram.

Method of attack

The attacker will typically send emails demanding payment of bitcoins. In the ransom note, it will state that if the demand is not met, the hackers will launch a Denial of Service (DoS) attack against the businesses’ websites and networks, taking them offline until payment is made. The demand will state that once their actions have started, they can’t be undone.

What to do if you receive a DDoS ransom note

  1. Do not under any circumstances pay the demand
  2. Report it immediately to Action Fraud by calling 0300 123 2040 or by using their online reporting tool
  3. Retain the original email(s) (with headers)
  4. Maintain a timeline of the attack, recording all times, type of contact and the content
  5. Contact Daisy to see if we are able to protect you within 24 hours*

What to do if you are experiencing a DDoS attack

  1. Report it immediately to Action Fraud by calling 0300 123 2040
  2. Call your internet service provider (ISP), or hosting provider if you do not host your own web server, to tell them you are under attack and require help
  3. Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.
  4. Contact Daisy to see how we can help protect you from current and future attacks

How to protect your business from a DDoS attack

  • Consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place
  • If you consider that protection is necessary, speak to Daisy’s DDoS prevention specialists
  • Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits

*Applies to Daisy on-net customers