"Days-long DDoS Attack with Embedded Ransom Note Mitigated"

An undisclosed website has faced a days-long Distributed Denial-of-Service (DDoS) attack that measured up to 2.5 million requests per second. According to researchers at Imperva, instead of contacting the victim separately, the attackers included a ransom note in the attack itself, perhaps to remind the target to send their bitcoin payment. The ransom note suggests that the attack was carried out by the Ransomware-as-a-Service (RaaS) operator REvil. As part of the latest attack, the threat actor claimed to have been behind a different attack against the service provider Bandwidth, but the researchers have not determined whether the attackers were, in fact, part of the original REvil group.

The researchers did find that the Meris botnet played a key role in the attack. Researchers at Qrator Labs and Cloudflare first observed the botnet's activity in huge waves of DDoS attacks. These firms observed the DDoS attack signatures reach nearly 17.2 million to 21.8 million requests per second.

In the recent DDoS attack, multiple sites belonging to the targeted company were attacked, with one of the sites being hit for about 10 minutes. The attackers used sophisticated tactics to prevent mitigation, constantly changing ransom messages and attack vectors. The attacks continued for several days, sometimes lasting up to several hours. In 20 percent of cases, the attack reached between 90,000 and 750,000 requests per second. The researchers were able to mitigate over 12 million embedded requests targeting random URLs on the same site. On the second day of the attack, the researchers mitigated more than 15 million requests, with the URL containing a different ransom message, but using the same tactics. This article continues to discuss key findings and observations surrounding the days-long DDoS attack on an undisclosed website.

GovInfoSecurity reports "Days-long DDoS Attack with Embedded Ransom Note Mitigated"

Submitted by Anonymous on