As with everything else ransomers are getting pretty smart especially if big money is involved.
Here is one example of ransom email and racket attached to it:
This astronomically high ransom (at time of this writing equals approx 4 million USD), unrealistic as it is for a not-so-big company, also comes with a very smart person behind it.
This means most of regular Cloudflare-based solutions will easily be overridden and your attack will be seen as a “clean” or regular traffic. Even if it had a huge abnormal spike like this:
DDoS-ed by “clean” traffic.
DDoS not mitigated
Resolution:
As I have already been pointing out earlier in other texts, the solution for this is not very simple.
For bigger enterprises, this could be relatively easily solved by using the Cloudflare Enterprise program and getting help from Cloudflare directly. But here we are looking at costs of about $4k or more per month.
For smaller companies who want to make it in-house and save some buck it should be all about finding patterns in traffic, then making appropriate filtering (ie. source Country of traffic, source ASN, browser type, rate-limiting.. etc..)
To resolve the DDoS attack in a cost efficient and timely manner, it is imperative to hire a professional with extensive experience in mitigating ransom. They can provide a swift resolution at a fraction of the standard cost charged by Cloudflare.
If you feel like you need one feel free to reach out and let’s get you back on safe side.
Facing DDoS Attacks or Need Infrastructure Help?
Don't wait for the next attack or infrastructure issue. Get expert help with DDoS mitigation, AWS optimization, and security hardening.
Get Expert Help Now