Posted on

$500k, The Cost of a DDOS Attack – The Case of Holding a Website Ransom

ddos-attack-cost

Recently, there have been some major DDOS attacks all over the web including big names like Meetup, Aweber, OKcupid, and more.

DDOS is (distributed denial of service), when multiple compromised systems — which are usually infected with a Trojan — are used to target a single system causing a Denial of Service (DoS) attack.

My favorite email marketing company, GETRESPONSE, just got hit by a major DDOS attack.

This happened a few days ago when I logged into my GetResponse account and saw this alert. I then clicked on the link to see what’s up.

getresponse-ddos attack

Low and behold, it’s another DDOS attack. The crazy thing about a DDOS attack is the amount of disruption it can cause on a website and the services it provides. 

So here’s what GetReponse did to mitigate this attack.

“After a conference call with our data center, within minutes we got in touch with Akamai, the 
world’s leading DDoS mitigation provider, with 1.8 Tbps mitigation bandwidth. We asked them to 
deploy an “always on” clean-pipe DDoS scrubbing service for GetResponse. This is the most 
advanced type of protection available on the market (also most expensive). It scrubs all inbound 
traffic for malicious packets of data and returns only “clean” traffic to our data center. 

In total, we are spending close to half a million dollars in mitigation solutions, hardware, 
connectivity and other upgrades. “

GetResponse spent around $500,000 to solve this DDOS attack problem.

You wanna know what’s really REALLY CRAZY! The attackers only wanted $750 or 1.2 bitcoin in exchange for not doing the DDOS attack!

Here a portion of the email from the attacker.

“Subject: DDoS attack, warning 

I don’t have to explain myself anymore. I will stop the attack for 1.2 Bitcoin (≈ $750). 
Your network will be safe from further attacks coming from several botnets, think 
twice before making your final decision, as even the best global DDoS mitigation 
won’t be able to handle easily the incoming new Amp. methods. 
Let me know if you are interested in my offer. “

Here’s the response from the CEO of GetResponse on why he cannot pay the attacker $750.

We weren’t interested, and won’t ever be, even if they continue to attack us. The low “offer” ($750) 
was just bait; we know they’d come back for more. And paying would only encourage them to 
attack other companies. Besides, we are confident that we can protect ourselves in the future with 
the mitigation plan we’ve put in place. But above all, paying criminals is simply the wrong thing to 
do. 

I sincerely apologize for this outage. We care about you, our customers, and realize you rely on us 
to get your emails out to the world. Since the attacks, we’ve been working around the clock to get 
mitigation in place. 

I thank you for your trust, your support and your loyalty during these difficult moments. 

Regards, 
Simon Grabowski 
CEO 
GetResponse “

I applaud Simon for standing up to the attackers and not giving in. As of today, GetResponse is victorious and back in action. Hooray!

Okay, now what about us little guys, how do we protect ourselves from DDOS attackers? We don’t have $500k to spend.

The good news is that if your site gets hit by a DDOS attack, then it means that your website is important enough for someone to launch such an attack against. At least you got that going for you 🙂

Fortunately, if you have a shared hosting account from a reputable hosting provider like HostGator, they are responsible to maintain their servers and the likelihood of all of the other websites on their servers. So they have security systems in place to mitigate the DDOS attacks up to a certain point.

If you are looking for serious DDOS protection, check out cloudflare.

Thanks for reading!

Leave a Reply

Your email address will not be published. Required fields are marked *