Talk to your upstream provider.  They may already have mitigation in place 
(e.g. Arbor devices).  If not, then if you know much about this anticipated 
attack (and you seem to have some details) they can certainly implement ACLs 
and other moderating tools.  Regardless, contact the FBI or similar LEA and 
get them involved: extortion and threats for now, and if they follow through 
then you have civil and very possibly criminal proceedings to look forward to.

I also highly recommend you contact EFF.  Start at eff.org

--patrick darden

-----Original Message-----
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of halp us
Sent: Thursday, December 03, 2015 2:15 AM
To: nanog@nanog.org
Subject: [EXTERNAL]Ransom DDoS attack - need help!

All,

I've been a NANOG member for many years but I'm emailing from an anonymous 
account to reduce the chance of the attackers finding me.

A company that shall remain anonymous has received a ransom DDoS note from a 
very well known group that has been in the news lately. Recently they've 
threatened to carry out a major DDoS attack if they are not paid by a deadline 
which is approaching. They've performed an attack of a smaller magnitude to 
prove that they're serious.

Based on certain details that I can't reveal here, we believe the magnitude of 
the upcoming attack may be in the several hundred Gbps.

I would really appreciate help in a few areas (primarily with certain provider 
contacts/intros) so we can execute our strategy (which I can't reveal here for 
obvious reasons). If you email me off-list with a name/email that you've 
previously used on-list, I will reply from my real email.

Alternatively, if you can post your experiences on-list with large-scale, 
high-profile ransom DDoS attacks, I'd really appreciate it!

Thanks
