DDoS Ransom Letter - Ongoing attacks

terrahost Member, Patron Provider
edited April 4 in General

Hey guys,

Terrahost received a DDoS Ransom letter today. Currently we are filtering what they are sending towards us and the network is stable.

Anyone received similar as of late? Of course, giving into these threats is never going to happen. We are not sure why this is happening. There are no obvious targets at the moment.

Making this post to inform others, in case someone is knocking on your door, have your filters prepared.

Here is the letter as a whole:

Comments

  • I don't think this is the real Fancy Bear doing this.

  • Falzo Member

    Bookmarked. Please post updates.

  • host_c Member, Patron Provider

    To sustain that amount of DDOS, attacker needs to have some pretty big "cohones".

    Keep us updated.

  • FlorinMarian Member, Host Rep
    edited April 4

    @Wicked said:
    @FlorinMarian might be able to help here.

    Joking aside, it's clear that @terrahost knows what it's doing.
    Never pay attackers because whenever you pay someone not to attack you, they will ask you for more money or they will attack you next time.
    Then we also take into account the fact that the individual did not demonstrate anything :)

  • Calin Member, Patron Provider

    @FlorinMarian said: Then we also take into account the fact that the individual did not demonstrate anything

    You read the title ??? "Ongoing attacks"

    Thanked by 1LTGT
  • neverain Member
    edited April 4

    isn't fancy bear russian state apt? Why would they do ransom with ddos lol. since these attackers are cosplaying as them, you shouldn't have problems other than ddos and probably won't even last for long since it's expensive

    hopefully you get through this without much issues

    @host_c said: To sustain that amount of DDOS, attacker needs to have some pretty big "cohones".

    Around 1 tbps (not sustained) is pretty normal these days for ddos attacks, and their claim of 2tbps is also just for peak

    edit: just googled "fancy bear ddos", and this looks like a pretty common scam, the ddos might be real but not as strong or as persistent as claimed
    https://www.group-ib.com/blog/fakeapt28/

    Thanked by 2sillycat host_c
  • LTGT Member

    @neverain said:
    isn't fancy bear russian state apt? Why would they do ransom with ddos lol. since these attackers are cosplaying as them, you shouldn't have problems other than ddos and probably won't even last for long since it's expensive

    hopefully you get through this without much issues

    @host_c said: To sustain that amount of DDOS, attacker needs to have some pretty big "cohones".

    Around 1 tbps (not sustained) is pretty normal these days for ddos attacks, and their claim of 2tbps is also just for peak

    yes, fancy bear is the name for APT 28.

    https://malpedia.caad.fkie.fraunhofer.de/actor/apt28

    Thanked by 1neverain
  • MannDude Host Rep, Veteran
    edited April 4

    Be wary of third party mitigation providers offering to swoop in to play hero...

  • neverain Member

    @MannDude said:
    Be wary of third party mitigation providers offering to swoop in to play hero...

    path sales is on their way to terrahost rn (if they still have people for sales)

  • terrahost Member, Patron Provider

    @let_rocks said:
    I don't think this is the real Fancy Bear doing this.

    We do not believe this either.

    @MannDude said:
    Be wary of third party mitigation providers offering to swoop in to play hero...

    Oh yeah, already got a few DMs here and there :) We are mitigating the attacks ourselves at the moment. Gbps of triple digits is hitting our filters.

    The filters:

  • Ght Member

    Never send money, they will just be tired and will stop, I was a target of ddos attacks and I know how bad it feels.

    Thanked by 1stefeman
  • stefeman Member
    edited April 4

    Tell them to go fuck their mother.

    At most they'll attack a few more days for that comment and move to another one.

  • JosephF Member

    @Ght said:
    Never send money, they will just be tired and will stop, I was a target of ddos attacks and I know how bad it feels.

    Were you able to mitigate the attack while it was still in progress?

  • spywork Member

    I use the force of nullroute

  • jh_aurologic Member, Patron Provider

    We used to receive such emails - and Telegram messages past year, seems to be a new fun thing. There is also no week we're not receiving DDoS on our own infrastructure 🤡

    Thanked by 2sillycat fatchan
  • kait Member

    @neverain said:
    isn't fancy bear russian state apt? Why would they do ransom with ddos lol. since these attackers are cosplaying as them, you shouldn't have problems other than ddos and probably won't even last for long since it's expensive

    hopefully you get through this without much issues

    @host_c said: To sustain that amount of DDOS, attacker needs to have some pretty big "cohones".

    Around 1 tbps (not sustained) is pretty normal these days for ddos attacks, and their claim of 2tbps is also just for peak

    edit: just googled "fancy bear ddos", and this looks like a pretty common scam, the ddos might be real but not as strong or as persistent as claimed
    https://www.group-ib.com/blog/fakeapt28/

    Group-IB is a super quality source and ddos is nowhere near Fancy Bear's MO. So I feel comfortable saying that it's 100% fake.

    Never pay ransoms and never give into blackmail, be a principled strong minded human being.

  • Andreix Member, Host Rep

    "We do not negotiate with terrorists!"

  • JosephF Member

    Theoretically, if it had been a situation where the only way to stop the attack was to pay up their demands, how would you folks handle it?

  • Andreix Member, Host Rep
    edited April 4

    @JosephF said:
    Theoretically, if it had been a situation where the only way to stop the attack was to pay up their demands, how would you folks handle it?

    Would rather pay 10-20x more to have a good DDoS Mitigation, identify packets path and block provider or even the country that has most negative impact... or stay down for as long as they want. No ransom.

  • Ght Member

    @JosephF said:

    @Ght said:
    Never send money, they will just be tired and will stop, I was a target of ddos attacks and I know how bad it feels.

    Were you able to mitigate the attack while it was still in progress?

    Yes

  • HostSlick Member, Patron Provider
    edited April 4

    @JosephF said:
    Theoretically, if it had been a situation where the only way to stop the attack was to pay up their demands, how would you folks handle it?

    0,5btc = 33k or so.

    Why would I not get a solution for that? Or even less? Countless possibilities come into my mind already.

    At this amount I think I can already start developing my own in-house solution. Or even XDP-based. Was already checking into how this works.

    Whoever pays is just fucked in his head.

  • CheepCluck Member
    edited April 5

    18 naked routers in the showers at fancy bear ranch
    Big hard throbbing optics wanting to be sucked!
    18 naked routers wanting to be bucked!
    Fancybears in the showers at fancy bear ranch.
    On their knees wanting to slam biloh bucks.
    Fancy bear ranch really rocks!

  • BruhGamer12 Member
    edited April 5

    @CheepCluck said:
    18 naked routers in the showers at fancy bear ranch
    Big hard throbbing optics wanting to be sucked!
    18 naked routers wanting to be bucked!
    Fancybears in the showers at fancy bear ranch.
    On their knees wanting to slam biloh bucks.
    Fancy bear ranch really rocks!

    For those who don't know the song:

    Thanked by 1CheepCluck
  • Swiftnode Member, Host Rep

    @host_c said:
    To sustain that amount of DDOS, attacker needs to have some pretty big "cohones".

    Keep us updated.

    These threats never even come close to the tbps claims. Usually it's just DNS amplification attacks.

    @neverain said:
    Around 1 tbps (not sustained) is pretty normal these days for ddos attacks, and their claim of 2tbps is also just for peak

    1tbps peak even isn't close to "normal" these days. Most DDoS attacks are under 100Gbps on average. Not sure where you heard that.

    Thanked by 3host_c emgh siemens
  • siemens Member

    @Andreix said:
    block provider or even the country that has most negative impact...

    The whole point of distributed denial of service is that it's distributed, usually coming from real infected devices. Checked about 10 IPs from the list of the group-ib article and they all come from ISPs in different countries including Switzerland, Italy, South Korea, Romania, Dominican Republic, Uruguay, Brazil, Hungary, France. One was even from a US university.

  • terrahost Member, Patron Provider

    We haven't seen anything special today. Oh well. :)

  • kait Member

    @terrahost said: We haven't seen anything special today. Oh well. :)

    Based, any chance on you guys opening a new location?

  • emgh Member
    edited April 5

    @terrahost said:
    We haven't seen anything special today. Oh well. :)

    I might be ignorant here, but why play with fire? Let’s estimate that it’s 99 % skids with some cheap DDoS service that they’ve subscribed to, but what if it’s not, or what if they now try to increase their attack capabilities to have fun with this thread, or, some completely different actor sees this thread and decides to give it a go?

    Again, maybe I’m ignorant, but as I see it, this thread is provocative and when getting attacked, there’s always a risk of clients seeing some sort of impact.

    Not to say one should pay, I wouldn’t.

  • @emgh said:

    @terrahost said:
    We haven't seen anything special today. Oh well. :)

    I might be ignorant here, but why play with fire? Let’s estimate that it’s 99 % skids with some cheap DDoS service that they’ve subscribed to, but what if it’s not, or what if they now try to increase their attack capabilities to have fun with this thread, or, some completely different actor sees this thread and decides to give it a go?

    why not? mentally strong men doesn't afraid of skiddies. and they're confident with their infrastructure.

    you have nothing to lose yet having L mentality. people need their chicken drama in LET, LET it happen
