[jnsaff2]

About 20 years ago I was kinda accidentally the guy who dealt with the DDoS attacks in the sysadmin team. There was a sequence of extortion emails during about 2 week period:

1. $50k or we attack - didn’t register anything

2. $25k or else - a minor overload on the server but nothing serious.

3. $10k or else - a serious attack which affected the service in a major way.

4. $5k or we really pissed - this time they took down a whole Tier2 ISP and Datacenter in London for a day. Other carriers peering on London Internet Exchange had to blackhole traffic to our service provider and finally kept blackholing one of our IPs for a while. I had to scramble to find a DDoS mitigation service, new DC and servers.

We did not respond to any of the emails. The attackers were also quite dumb, they attacked the web servers which were located in a well connected place.

The money making service of the business was in the Caribbean with a 1,5Mbps T1 and a 0,5Mbps satellite backup. They could have saturated those much easier for much longer and the impact then would have been about $1M revenue loss per hour.