Authorities suspect that other sites were also targeted

Jan 16, 2012 12:24 GMT

An Australian online investment website, Funds Focus, part of Wealth Focus owned by Sulieman Ravell, was temporarily shut down after being hit by a massive distributed denial of service (DDoS) attack.

The Russian masterminds behind the attack demanded ransom money from the owner to stop the malicious operation, which prevented the company from performing its tasks.

The attack began just before Christmas and the site had to be taken offline because it couldn’t handle the large number of requests sent by the cybercriminals, Manly Daily reports.

“I will stop only after you pay me the money. I advise you to quickly reply to me as the attack is very bad impact (sic) on your business,” the Russians said.

The website’s owner ignored the attacker’s threats and contacted the police while removing the affected webpages to put an end to the virtual bombardment.

According to SC Magazine, now that the incident is over, Ravell is unhappy with the way his hosting company handled the issue and is threatening to sue them.

The company in question is one of the largest hosting providers in Australia and its representatives state that they suspended accounts hit by DDoS attacks to “ensure there is no further damage and [bandwidth] cost to the customer and traffic continues for other customers.”

While Ravell claimed that the web hosting firm didn’t offer any support in mitigating the attack, suspending his account without much notice, the host argued that they attempted to warn him, but they couldn’t reach him.

The affected website has been moved to another host, HostGator, which blocked the 17,000 Asian IPs that sent the large number of requests, putting an end to the attack.

The Australian Federal Police (AFP) suspects that the attack targeting Funds Focus may be related to other similar hits, including the one that affected ANZ E*Trade at the end of 2011.

Update. We have contacted Mr. Ravell for an official statement regarding the incident and he was kind enough to provide some details. His statement reads:

I think it is important to note that by the very nature of a Denial Of Service attack, this isn't a hack and at no time was the security of client data an issue, this was purely an attempt to stop investors accessing our site in an attempt to extort money from us.

I am glad to say that unlike some of the other companies that seemed to have been affected for longer periods, by being proactive, contacting ISPs of the offending IP addresses and moving web hosts very early on we managed to minimise the disruption to our readers to just 2 days.

We went public with this purely as an attempt for us to try and turn this into a positive and make people aware that this could happen to them.

If you have a website, contact your web host and specifically ask them if they protect you from DDOS IP Attacks. A good starting point is to look at the host's terms and conditions.