How do I handle a hacker attempting to extort me by threat of DDoS?

Question

Recently, myself and a few other friendly website owners have been messaged by the same hacker that is asking for BTC or he will take down our sites.We have no information about him.Already using Cloudflare, it did seem to detect some of his BotNet(~3500 instances) but not enough to stop the load he put on us. (edited)Cloudflare Rate Limiting is just too expensive and "I'm under attack" mode just breaks the site in places anyway.I've reached out to Cloudflare support to try identify his BotNet from the times when he took it down.Any help would be much appreciated.

sigmaprimus · Accepted Answer

Weather the storm, do not pay the extortion. Most of these guys are shake down artists and when they realize there is not going to be a payout, they will move on to their next victim. Many of them are using rented botnets and dont want to waste their own money on a non payer, unless of course you do pay up, if you do that then they will keep at it and share/sell your info to others, things will get much worse.

codingdave · Answer

https://www.icann.org/news/blog/how-to-report-a-ddos-attackFrom that page: "you should contact law enforcement if your organization received a threat prior to the attack, or received a demand for money in return for not being attacked"

saluki · Answer

One of my clients came DDoS attacks every summer three years in a row, we said we were going to print up T-shirts for the annual event but they stopped this year.
We setup copies of the site so we could quickly rotate it to new IPs during the attack and signed up for the CloudFlare business plan for a month or two during the attacks every year.
This kept the site up for us. We also posted a message on the home page so our users would know what was going on.
We were able to use under attack mode without it affecting the site too much.
Good luck riding it out.

sarcasmatwork · Answer

Prolly exploiting a known vulnerability. Have you patched and rebooted all of your systems? Removed accounts that you dont use? Change pw's to everything?
Windows or Linux systems?
You can do some mitigation with iptables in linux.
>He has proved that he can by taking our sites offline for a minute.
What did this person take down exactly? The web server, or did he reboot the system?

thomasfromcdnjs · Answer

Update:Three different people from Cloudflare reached out to resolve the problem. They are awesome!

How do I handle a hacker attempting to extort me by threat of DDoS?

https://www.icann.org/news/blog/how-to-report-a-ddos-attack
From that page: "you should contact law enforcement if your organization received a threat prior to the attack, or received a demand for money in return for not being attacked"

Update:
Three different people from Cloudflare reached out to resolve the problem. They are awesome!