Why do DDOS attacks end?



If a hacker has the resources to shut down a website for an hour or two, don’t they also have the capability to shut the website down permanently? Why do DDOSers stop their attacks after a few hours?

In: Technology

It basically comes down to one thing. Ransom. DDOS attacks can shut down a website essentially permanently, but they don’t need or want to. They instead shut down (Or threaten to shut down) a website who has a lifeblood in being online 24/7. Like a bank, or a news site, or a gambling site. They then charge the owner a ridiculous amount of money to stop the attack. Essentially holding the website hostage.

An attacker does usually have limited resources. When he runs his attack the malicious software becomes more visible and people start noticing them and shutting them down. Running the attack for shorter reduces the probability for the software to be discovered. If your Internet is slow for half an hour you may not think anything was wrong but after two hours you would have noticed that something was off and would have tried to find the source of the issue. Service providers also takes some time to notice the unusual behavior and start looking into the problem. So for an attacker it is much safer to run the attack for a shorter time and then attack again another time.

There is also other possibilities. The victim might often be able to mitigate the problem in an hour either by making costly changes to their infrastructure or by paying the attacker the ransom. For normal sized companies it takes about an hour to identify the issue, allocate funds to mitigate it and then implement the mitigation.

Because usually DDOS attacks are done using infected computers. And it becomes much apparent when it’s locking your internet and it comes back when you turn off that particular computer.