Blackmailers bombard DirectVPS with ddos ​​attacks with peaks of 210Gbit/s

DirectVPS has been a target of DDOs attacks since Monday, causing downtime and slow connections to customers of the company. The suspected perpetrators demand an amount in bitcoin, but DirectVPS does not respond to this.

100% increase in daily DDoS traffic in 2020 as potential grows for 10 Tbps attack: Nokia | ZDNet

The attacks on DirectVPS started last Monday afternoon. According to the company, the attacks involved entire ranges and with peaks of 80Gbit/s in an attempt to make the overall infrastructure inaccessible. The attack lasted 20 minutes but turned out not to be an incident: Tuesday morning an even more severe attack followed, with DirectVPS detecting peaks of 210Gbit/s.

That same day, the company received an email claiming the attacks. If DirectVPS transferred a certain amount of money in bitcoin, they would stop, was the claim. “Our position on extortion is clear: don’t pay,” director Larry Kos tells customers. “By paying you make yourself a permanent target.”

In the meantime, the company had taken measures and, among other things, called in the National Car Wash against DDO attacks, to filter traffic using that service. Since then, the company’s engineers have been tweaking filter settings to fend off the recurring attacks. The perpetrators then adjust their attack again.

“These are very large attacks with new tricks. They have not seen many attacks like this in the NaWas either. These include attacks on the dns infrastructure, with which you hit a large number of customers at once. We are already filtering a lot, but the hard part is letting legitimate traffic through in attacks of this magnitude.”

Kos has no idea who is behind the attacks and why they are targeting DirectVPS. “It seems that we are a random target. Nothing can be traced from the attacks. It is really aimed at us and not, for example, at one of our customers.” The director also reports that he has received several e-mails from the possible perpetrators, after Tuesday’s. The attacks are the umpteenth in a series that were carried out on Dutch hosting companies this year. TransIP , Argeweb and Yourhosting were successively targeted in recent months.

It may interest you :  Microsoft closes zero days in Exchange 'that have been abused by Chinese hackers'

The DirectVPS director apologizes to affected customers and reports that he is working with all his might on improvements, such as further improving the filtering. The company keeps customers informed through a status page , which has been temporarily hosted elsewhere to be reachable.