Staring Down the Armada Collective

[Lyndon Nerenberg <lyndon () orthanc ca>]

Typically, businesses hide from admitting they've been hit by drive-by attacks like Armada is trying to pull off. It 
has been interesting to see the public reaction from the post-Protonmail targets, many of whom are being very visible 
about 1) admitting they have been hit by the attacks, and 2) making it very clear the Armada crew can f*** right off as 
far as collecting ransom is concerned. (Also, 3) the amazing support from customers who understand why we are working 
on putting up defences instead of just paying, and therefore put up with the inevitable downtime as we reconfigure 
sometimes large chunks of our networks.)

The money asked for was a pittance (around USD$6K) for the attacks I'm personally aware of.  The targeted were willing 
to spend far in excess of that to deploy the necessary wall of DDoS protection to keep their services running.  If they 
didn't have it there, already.

What does that say for the business model of the botnet handlers?  They can't up their ransom demands, because nobody 
is paying at the current rates.  And they can't lower them, for the same reason.  And if they change their targets to 
sites than might potentially pay a few hundred dollars at best, those sites will just shut down anyway.

Are we perhaps, finally, reaching the cusp where everyone has realized that if we all, collectively, tell the rodents 
to f*** off, they just might?

Happy Holidays!

--lyndon

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail