
The story of a DDoS extortion attack – how one company decided to take a stand

John E Dunn | June 16, 2016
German payment processor goes public on threats received last week

Facing an £8,000 ransom, a CEO decided to do something unheard of - go public

Last Friday, June 10, a member of the IT team at German payments processor Computop retrieved an email sent to one of the company's public addresses threatening to hit the firm's customer websites with a massive DDoS attack if a ransom of 15 Bitcoins (about £7,900) was not paid to the attackers by June 15.

The attackers had launched a smaller demo DDoS to prove their intent, the email said, something IT staff confirmed after checking monitoring systems. This was clearly a threat with the capability to do serious damage.

"If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there's no counter measure to this. You will only end up wasting more money trying to find a solution," the email warned in broken English.

"We will completely destroy your reputation amongst Google and your customers and make sure your website will remain offline until you pay."

When Computop's CEO Ralf Gladis heard of the threat he was tempted to pay up. But after speaking to contacts in the industry over the weekend he resolved instead to do something rare and, frankly, quite extraordinary.

Instead of simply ordering his company to defend itself in conventional fashion he decided to write to all 5,000 of Computop's customers and partners telling them that on 15 June his firm's website was likely to be hit with a DDoS attack big enough to cause everyone serious problems.

Instead of shutting up and living with the secret, he was going to tell the world what might be about to happen.

Computop's engineers had earlier confirmed that an attack of 80-90Gbits/s would be more than enough to cause an outage to the platform and anyone in its vicinity in the datacentre.

"We don't want to hide behind a wall of silence and are determined to keep you in the loop with regard to what's been going on," wrote Gladis in a second follow-up email sent a matter of hours before the DDoS deadline was due to expire.

"DDoS attacks happen every day, and they can hit each and every one of us. Which is why we should take advantage of our community of business partners - stick together, learn from each other and ensure we are prepared for when the s**t hits the fan."

The story of a DDoS extortion attack - going public

Gladis probably didn't consider it at the time but he was making history. Companies hit by or threatened with DDoS attacks rarely talk about their experiences and absolutely never put such information into the public domain prior to an attack. It just isn't done. Business wisdom says that it's just too much of a reputational risk and might even seriously annoy the attackers. It's almost as if the industry sees the attack as being the victim's fault.

 
