"We knew we were taking a slight risk but it's worth it. It is about fighting criminals and complying and hiding is not going to help."
Computop involved cyber police in the German state of Bavaria, who were able to trace some of the IPs used in the demonstration attack launched by the extortion gang. According to Gladis, they called on police forces across Germany to visit the offices of the innocent companies in which rogue servers were operating, asking for them to be taken down.
Not only was Computop fighting back against DDoS extortionists, it was also party to a botnet take-down.
Computop's story stands as a remarkable refutation of the idea that security is best served by secrecy. In fact, as Gladis suggests, secrecy is what makes these crimes more potent than they would otherwise be. When there is no learning, criminals are able to target companies one at a time, picking them off at will.
"There is nothing to hide. This can happen to all of us. Better to talk about it and let people know," he says. "Our customers will be better prepared than we were."
Computop's DDoS defence 101
The company has now published a more detailed set of recommendations for anyone who faces the same type of attack. Below we extract the main lessons, but the published document offers more depth:
- Inform your datacentre. This might seem obvious but it is critical that they know as soon as possible of the threat. When choosing a datacentre, make sure it is one that is open to helping in these situations.
- Don't pay the ransom and don't communicate with the extortionists. "They might just attack anyway and ask for more money. They might come back under a new name. They might tell their friends that we are willing to pay."
- Reach out to your partners for advice. Many of them will have had similar experiences.
- Don't underestimate the usefulness of firewalls, including your datacentre's upstream infrastructure. That filtering can lighten the load.
- Consider using DDoS mitigation and expert consultants. It costs but the price is small compared to the protection it offers. Techies or pen-testers with experience in DDoS can also offer the sort of advice that saves valuable time, including how the attackers operate.
- Phone the police. The Bavarian state police reacted extremely quickly to help defuse part of the extortionists' botnet (see above).
Source: Computerworld UK