Meetup.com battles with multiple DDoS attacks, $300 ransom

[Ink]

Content source

http://meetupblog.meetup.com/post/78113362079/meetups-service-outage

Source: MeetUpBlog.com

Here’s what happened. On Thursday morning, I received this email:

Date: Thu, Feb 27, 2014 at 10:26 AM
Subject: DDoS attack, warning

A competitor asked me to perform a DDoS attack on your website. I can stop the attack for $300 USD. Let me know if you are interested in my offer.
​

Simultaneously, the attack began, our servers were overwhelmed with traffic, and our services went down.

The natural question I know many of you will ask is why didn't we pay, especially since the amount of money demanded was ridiculously small ($300 USD).

We chose not to pay because:

1. We made a decision not to negotiate with criminals.
2. The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated. We believe this lowball amount is a trick to see if we are the kind of target who would pay. We believe if we pay, the criminals would simply demand much more.
3. Payment could make us (and all well-meaning organizations like us) a target for further extortion demands as word spreads in the criminal world.
4. We are confident we can protect Meetup from this aggressive attack, even if it will take time.