A $10 DDoS “Ransom” Attempt: A Reminder About Digital Hygiene

Recently, someone tried to blackmail us with a DDoS attack.

It started like a totally normal conversation. A person messaged me, said they’d found our website, showed interest, asked a couple of questions—nothing unusual. Then they quickly got to the point: pay up or your site will be down for a few days.

The “ransom” amount was almost comical: $10.

To prove they weren’t bluffing, they pushed traffic at the site for a few minutes. From our side it was obvious: in the hosting dashboard the load chart spiked sharply and then dropped just as sharply.

My response was simple: I blocked them and refused to continue the circus.

But the incident itself is a useful case study. Stories like this are a reminder that running an internet business isn’t only about sales, customers, and growth. It’s also about basic digital hygiene.

What to do if someone threatens you with a DDoS

• Don’t pay extortionists. Paying only confirms that the scheme works and makes you a repeat target.
• Put your site behind a CDN/WAF and don’t expose your origin server.
• Use rate limiting and baseline protection against sudden traffic spikes.
• Have monitoring in place so you can spot anomalies quickly.
• Prepare an action plan in advance for what you’ll do during an attack (who gets notified, what gets toggled, what gets blocked, what gets scaled).

They often sell fear, not power

The key thing to understand is that these characters often rely less on real capability and more on fear. They’re betting it’s easier for you to pay than to investigate and harden your setup.

But paying is the worst option. It teaches them that threatening businesses is profitable.