
Ask HN: I got a ransom request threatening DOS attack. What to do? - hoodoof
I got an email threatening to DOS one of my servers.

Do I take this seriously? Or is it just some sort of spam?

Seems to me the best thing to do is ignore it entirely and presumably they will move on to some other target.

Anyone else dealt with this?
======
dalke
No experience. [https://www.americanexpress.com/us/small-business/openforum/...](https://www.americanexpress.com/us/small-business/openforum/articles/should-you-pay-ransom-to-cyber-attackers/) looks
quite relevant.

------
jsjohnst
Usually it's just a con in my experience, but more information is needed
to tell you if you have any real concern. Here are a few things I or
others would likely need to know to provide any real help:

1) What site were they threatening to DDoS?
2) Who made the threat?
3) What amount are they demanding?

~~~
hoodoof
They identified the site by specifying its IP address, but there's no magic to
that.

The email did come to an address which is not the domain registration address,
which indicates perhaps that a human is involved, at least in terms of
determining the correct address to contact.

The threat says it will do a demonstration DOS to prove it is a real threat
and says to look in the web server log to see activity - no action yet - but
it still might come.

Threat claims to be from Anonymous but I don't buy that.

They wanted 10 BTC.

~~~
mmosta
Check your upstream provider and inform them of the situation regardless (some
will just null-route your IP if they're not prepared/willing to deal with it);
some might already have protection in place to mitigate certain types of
attacks.

If possible, check in with an actual DOS protection service and move your
public service to a new IP behind it, and whitelist only the provider's IPs;
the free service from CF might even be sufficient.

Don't pay them; there is nothing to say that they or someone else might
threaten again. 10 BTC is a nice chunk of change these days.
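
An added example, not part of the thread: once a service sits behind a protection provider with only the provider's IPs allowlisted, as suggested above, the origin's web server log should show no other client addresses. This Python script flags requests that reached the origin directly and per-minute bursts from those clients; the CIDR ranges, log lines, threshold and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholder ranges (RFC 5737 documentation space); substitute
# the ranges your protection provider actually publishes.
PROVIDER_RANGES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.0/25")]
# Common/combined log format: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} ')

# Constructed sample access log lines.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:13:55:01 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:13:55:02 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:13:55:02 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:13:55:03 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2024:13:56:10 +0000] "GET /a HTTP/1.1" 404 0',
    '203.0.113.200 - - [01/Jan/2024:13:57:00 +0000] "GET / HTTP/1.1" 200 512',
    'truncated line with no fields',
]

def from_provider(ip_text):
    """True if the client address falls inside an allowlisted provider range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(ip in net for net in PROVIDER_RANGES)

def audit(lines, burst_threshold=3):
    """Count requests that reached the origin without passing the provider."""
    direct, per_minute, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        ip = m.group("ip")
        if from_provider(ip):
            continue
        direct[ip] += 1
        per_minute[(ip, m.group("ts")[:17])] += 1  # bucket: dd/Mon/yyyy:HH:MM
    bursts = sorted({ip for (ip, _), n in per_minute.items() if n >= burst_threshold})
    return {"direct": dict(direct), "bursts": bursts, "unparsed": unparsed}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any address in `direct` means the origin IP is still reachable without going through the provider, so the firewall allowlist is not yet doing its job.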

