Meetup management requires $ 300 for canceling a powerful DDoS attack.

On Thursday, CEO Meetup received a strange e-mail message that said, “Your competitor asked me to make a DDoS attack on your site. I can stop the attack for $ 300. Let me know if you are interested in my offer. ” And before the message was read, the service actually began to be attacked at 8.2 Gbit / s, which led to a fall.

Restore Meetup to life, but only after 24 hours, and then, not very long - the work of the service was seriously disrupted. Meetup started working on Friday morning to get back on Saturday afternoon. On Saturday at midnight, they raised it, but on Sunday, the service fell again. In general, all this continues to this day.
')
Of course, everyone is surprised that the amount required by the attackers is so small - it is likely that the prolonged drop in service resulted in significantly larger losses, plus the cost of restoring the site and protecting against DDoS (as we see, not the most effective).

However, companies that are engaged in protection against DDoS-attacks, argue that all this - not news. For a long time, attackers have attacked mainly small and medium-sized services and sites (for example, small online casino sites), demanding money from the owners of such resources in return for canceling the attack. As you can see, the situation is changing, large services are becoming the object of attack.

The attack itself is quite simple - the NTP protocol feature is used, when an attacker gives a short request and receives a long response, thus generating large amounts of traffic. The request goes, for example, to computers included in the botnet. And the answer is, large amounts of information, the attackers redirect to the attacked server. If a botnet has a lot of PCs, then the volume of “junk” traffic is simply gigantic.

Now the vulnerability is slowly being corrected, but this is a very long process.

Therefore, this method of attack is still very relevant, and attackers use all this to get small amounts of money from owners of services like Meetup. As mentioned above, it is much more profitable to pay 300 dollars than to “lie down” for several days, or pay the appropriate anti-DDoS services for protection.