DDoS Ransom Notes and How to Handle Them
One of the most common motivations for a DDoS attack is extortion, where an attacker threatens to take down a site unless the victim pays, typically in the form of a Bitcoin transaction.
Unfortunately, these types of extortion attempts are increasing in both intensity and volume. In recent years, a hacking group called ‘Lizard Squad’ has been responsible for sending demands to a number of high-profile companies, including Sony and Instagram.
Method of attack
The attacker typically sends emails demanding payment in bitcoins. The ransom note states that if the demand is not met, the hackers will launch a Denial of Service (DoS) attack against the business's websites and networks, taking them offline until payment is made. The demand also states that once their actions have started, they can't be undone.
What to do if you receive a DDoS ransom note
- Do not under any circumstances pay the demand
- Report it immediately to Action Fraud by calling 0300 123 2040 or by using their online reporting tool
- Retain the original email(s) (with headers)
- Maintain a timeline of the attack, recording all times, type of contact and the content
- Contact Daisy to see if we are able to protect you within 24 hours*
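One way to carry out the "retain the original email(s) (with headers)" and "maintain a timeline" steps above, as an added example that is not part of the original page: it reads the untouched bytes of a saved message, hashes them, and builds a timeline record with the time, type of contact and content. The function name `timeline_entry`, the record field names and the sample message are assumptions made for illustration.

```python
import hashlib
from datetime import timezone
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime

# Constructed sample message (reserved example domains and documentation IPs).
SAMPLE_EML = (
    b"Received: from mx.example.net (mx.example.net [192.0.2.10])\r\n"
    b"\tby mail.example.org with ESMTP id abc123;\r\n"
    b"\tTue, 03 Mar 2020 09:15:02 +0000\r\n"
    b"Received: from unknown (HELO sender) (198.51.100.7)\r\n"
    b"\tby mx.example.net with SMTP; Tue, 03 Mar 2020 09:14:58 +0000\r\n"
    b"From: sender@example.com\r\n"
    b"To: it@example.org\r\n"
    b"Subject: Constructed sample subject\r\n"
    b"Date: Tue, 03 Mar 2020 09:14:55 +0000\r\n"
    b"Message-ID: <constructed-1@example.com>\r\n"
    b"\r\n"
    b"Constructed sample body demanding payment.\r\n"
)


def timeline_entry(raw: bytes, contact_type: str = "email") -> dict:
    """Build one timeline record from the untouched bytes of a saved .eml file."""
    msg = message_from_bytes(raw, policy=policy.default)
    date_hdr = msg["Date"]
    sent = parsedate_to_datetime(str(date_hdr)) if date_hdr else None
    if sent is not None and sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)  # "-0000": no zone given, log as UTC
    body = msg.get_body(preferencelist=("plain", "html"))
    return {
        "contact_type": contact_type,
        "sent_utc": sent.astimezone(timezone.utc).isoformat() if sent else None,
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "message_id": str(msg["Message-ID"]),
        # Hash of the raw bytes shows later that the retained copy is unchanged.
        "sha256": hashlib.sha256(raw).hexdigest(),
        # Each relay prepends its Received header, so the first entry is the newest hop.
        "received_hops": [" ".join(str(h).split())
                          for h in msg.get_all("Received", [])],
        "content": body.get_content().strip() if body else "",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(timeline_entry(SAMPLE_EML), indent=2))
```

Export the message from the mail client as a raw `.eml` file rather than forwarding it, since forwarding replaces the original headers.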
What to do if you are experiencing a DDoS attack
- Report it immediately to Action Fraud by calling 0300 123 2040
- Call your internet service provider (ISP), or hosting provider if you do not host your own web server, to tell them you are under attack and require help
- Keep a timeline of events and save server logs, web logs, email logs, any packet capture, network graphs, reports, etc.
- Contact Daisy to see how we can help protect you from current and future attacks
How to protect your business from a DDoS attack
- Consider the likelihood and risks to your organisation of a DDoS attack, and put appropriate threat reduction/mitigation measures in place
- If you consider that protection is necessary, speak to Daisy’s DDoS prevention specialists
- Whether you are at risk of a DDoS attack or not, you should have the hosting facilities in place to handle large, unexpected volumes of website hits
*Applies to Daisy on-net customers