Attacker demands ransom after series of DDoS attacks on Poker site

On the evening of September 1st, 2017, an unknown attacker conducted a series of massive DDoS attacks on the servers of America’s Cardroom and its Winning Poker Network (WPN), forcing its services, including Online Super Series (OSS) Cub3d, to go offline.

The site confirmed the attack in a Tweet at 2:12 AM: “We are currently experiencing a DDOS attack, all running tournaments have been paused. Will keep you updated.”

However, at 2:41 AM another Tweet from the company announced that, due to the non-stop DDoS attack, it had no option but to cancel all ongoing tournaments. “At this moment, the tournaments department is canceling and refunding all tournaments as per our terms and conditions.”

At 2:59 AM, a Tweet brought good news: the DDoS attacks had been mitigated and the client was back up. “Our techs have been able to mitigate the DDOS attack; the client is back up. If you need any further assistance, please contact our CS dept,” the Tweet said.

However, at 5:20 AM the company Tweeted that its network was under another DDoS attack, forcing the site to pause all running tournaments. “We are experiencing another DDOS attack; our techs are working in order to mitigate it. All running tournaments have been paused.”

Then at 3:53 PM, 10 hours after its last Tweet, the network said it was still facing DDoS attacks that were causing the service outage. “The DDOS attack is still underway Our techs are mitigating it, causing for some players not being able to connect. Will update soon.”

At 5:40 PM the poker site again mitigated the attacks, but a few hours later, on the very next day (September 2nd), America’s Cardroom sent a series of Tweets announcing that all running tournaments would be canceled and refunded because its network was once again under cyber attack.

The next day (September 3rd) the company again Tweeted about another DDoS attack and the cancellation of all running tournaments. However, WPN CEO Phil Nagy explained the situation on his Twitch channel.

According to Nagy: “We had the attacker get on chat and say I am gonna attack you in one minute and he does the attack, but I will never pay an attacker I won’t pay a ransom, I won’t do it because once you get the bully get your lunch money, he’s taking your money all the time. Once they make you a bit*h, you are a bit*h, and I don’t like the idea of being a bit*h.”

Nagy told the attacker to “get some job.” In reply, the attacker said, “This is my job, some other site is paying me to attack you.”

WPN is not new to DDoS attacks. As Nagy said: “Throughout the year we have suffered DDoS attacks.” He also plans to implement proper security measures to avoid damage if the network comes under cyber attack in the future.

In the end, the DDoS attacks were mitigated by WPN's IT department. However, its websites (americascardroom.eu and americascardroom.net) were still offline.

Incidents in which DDoS attacks lead to ransom demands are increasing by the day. The most prominent incident was in November 2015, when encrypted email service ProtonMail suffered non-stop DDoS attacks, after which the attackers demanded a ransom. ProtonMail then paid $6000 as ransom, but the attacks continued nevertheless.

The same is the case with ransomware attacks, in which attackers infect a targeted system, take control and demand ransom money. The latest example is South Korean web hosting company NAYANA, which had its Linux-based server infected with Erebus ransomware. The company ended up paying a $1m ransom.


Waqas
