Last Thursday (April 7th) we received a threat of a distributed denial of service (DDoS) attack from a group claiming to be the “Armada Collective”, against the NitroSell platform, and so against our customers’ webstores. They requested a “ransom” payment of 11 Bitcoins (~$4,500) to call off the attack, which they claim will start tomorrow (April 13th).
What are DDoS attacks?
Via Wikipedia: https://en.wikipedia.org/wiki/Denial-of-service_attack
In computing, a denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users, such as to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. A distributed denial-of-service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses. It is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations.
Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks, credit card payment gateways; but motives of revenge, blackmail or activism can be behind other attacks.
What actions has NitroSell taken to protect my webstore?
Rather than pay the ransom, which is against the advice of IT security specialists, we have taken measures to mitigate/protect against the attack. We have implemented DDoS protection from two different, industry-leading security providers, which have been in place since Saturday (April 9th).
These protection services cover our entire platform and will protect both URL endpoints and originating IP addresses against DDoS attacks. Although we cannot guarantee they will provide 100% coverage, we will do our best to ensure the attacks will not result in extended downtime.
The DDoS mitigation services will remain in place indefinitely to protect your store against future attacks.
If you have questions, please contact NitroSell support.