Last year when this happened to several large providers, it was a cluster all around the same time, and it turned out that it was the same org hitting all of them. This quickly came to light as we (ISIPP) started coordinating with the targets, because the attacker was using the same gmail address for communicating with each target. We had a preservation demand served on Google (so they wouldn't delete the gmail account when the complaints started happening), and the Feds were quickly involved. In fact, the Basecamp group that I mentioned came out of that effort.
It seems that several of you here are now experiencing a similar ransom DDoS, all at the same time, so I would be very curious to know if this is similar - are the demands all coming from the same individual/email address? I'd very much like to know. Can each of you who is on the receiving end of this please send me the email address associated with the demands? (I'm on digest here, so even if you post it here, *please* also cc: me).
Anne P. Mitchell,
Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Asilomar Microcomputer Workshop Committee
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop