I got an email threatening to DDOS me if I don't pay a ransom. What should I do?

This article might be important for you: https://ca.news.yahoo.com/armada-collective-ddos-threats-were-212413418.html

Someone has been copying the Armada Collective's email content to scare people into paying, but no attacks have been recorded.

So, possibly, you don't have to do anything.


Based on the following article you may simply want to ignore it. This seems to be a common scam and your e-mail looks almost exactly like the one from the following article.

http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/

Look up the source ISP of the service provider that sent the e-mail and contact their abuse team [email protected]. They may disable the source of the e-mails or alert the unsuspecting customer that may own the machine. Notifying the source ISP is helpful to reduce the amount of this. Make sure you send them an e-mail with full headers. If the source appears to be a compromised system at a large company I would notify them in addition to the ISP. Do this by CC'ing both the company and the ISP at the same time for fastest results. Keep in mind some malicious systems may also be impersonating as a compromised host even though it's not so notifying the ISP may actually be more important than notifying the owner of the system.


Ignore it.

Cloudflare themselves have stated that these are fake - see https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/ I highly recommend that you read this article, as it is a very clear explanation from the front line. The armada collective is a real DDOS group, but some con artists are just using their name to try to scare people. The Bitcoin address is apparently the same on all their emails, which means that they will never know who has paid them.
It is possible to track the amounts paid to a Bitcoin address and it seems they have made over $100K from this scam!

Bottom line, DDOS threats should be backed up by proof (perhaps a DDOS of 15 mins) before you pay up.

EDIT: Just to clarify as it seems from the comments that I wasn't clear enough.
I don't mean to give an opinion whether payment should be made or not. Always have good security, and if a threat causes you to decide to spend money - either by paying the demand or by purchasing DDOS protection that you wouldn't otherwise need - check that the threat is legitimate first by demanding more proof than what might be just an empty threat.

Tags:

Ddos

Threat Mitigation

Related

Why does IV not need to be secret in AES CBC encryption? Preventing Browser from BeEF Exploitation How could Craig Wright obtain Satoshi Nakamoto's private key? Does multiple numbers per button have an effect on security? How could mobile developers prevent bypassing certificate pinning with tools such as SSL Kill Switch? What are the alternatives to door passcodes? Is it possible to transfer a virus through browser video? Is VLC on Linux vulnerable to an attack from .wmv files designed to install viruses? Can free Wi-Fi hotspot providers snoop on HTTPS communications? Bank complains about rooted Android. Is it really any worse than a Windows desktop? Will same-site cookies be sufficent protection against CSRF and XSS? Can governments intercept end-to-end encrypted Whatsapp communication through lawful interception?

Recent Posts