Victim Company Refuses to Pay DDoS Extortion Fee and Is Permanently Forced Out of Business

Linda Musthaler
By | August 25, 2014

Posted in: Hosting Provider DDoS Protection

If your company relies on your website to conduct any amount of business, it's time to take notice of what has been happening lately with regards to DDoS attacks. In the past few weeks, numerous companies have experienced DDoS attacks in which there is a demand for money in order to stop the attacks. In plain words, extortion.

According to TechCrunch, the attacks seem to be increasing in frequency, and now leave a long line of victimized sites in their wake, including Meetup, Basecamp, Vimeo,, SAY Media/TypePad, Namecheap, Plenty of Fish and Moz, to name a few of the more recent victims. I'll add Evernote, Feedly, and Code Spaces to that list.

It's not clear who is behind these attacks, or how many actors are involved. Fortunately most of the companies have been able to fend off the attacks within a reasonable amount of time, but one victim company learned the hard way that a DDoS attack is often a smokescreen for additional types of illicit activity.

Like the other companies on the list above, the cloud-based code hosting service Code Spaces experienced a DDoS attack accompanied by a ransom demand. Code Spaces assumed it could handle the attack on its systems, which were hosted on Amazon Web Services (AWS). When the attackers didn't get their payoff to end the DDoS attack, it is presumed they directed their vengeance toward gaining access to Code Spaces's Amazon EC2 control panel and then deleting most of the company's data, backups, machine configurations and offsite backups. This was reported by officials at Code Spaces.

These actions, quite literally, put Code Spaces out of business. The company has closed its doors permanently.

TechTarget reports that when the DDoS attack on Code Spaces began, the attackers logged in to the company's AWS Elastic Compute Cloud (EC2) console and left messages instructing the company's management to contact them via email. According to TechTarget:

"Reaching out to the [email] address started a chain of events that revolved around the person trying to extort a large fee in order to resolve the DDoS," the company said on its homepage. The company tried to change its passwords, but the intruder was prepared and already created a number of backup logins to the panel.

Code Spaces was able to get its panel access back, but not before the hacker removed all Elastic Block Storage (EBS) snapshots, Simple Storage Service bucks, AMIs, and some EBS and machine instances. Most of the company's data, backups, machine configurations and off-site backups were either partially or completely deleted, leavingCode Spaces unable to operate.

To be clear, it is the loss of all this business data and not the DDoS attack itself that drove Code Spaces out of operation. The company did not design its cloud infrastructure in a manner that would protect its data and long-term operations. Nevertheless, it's a reminder for everyone that DDoS attacks can hide something far more sinister than knocking a company's website offline for a few hours or days.

You May Also Be Interested In: