Picking Up The Pieces: How to Recover from a DDoS Attack

It’s a terrifying thought, really. Thanks to the Internet of Things, we’re going to see DDoS attacks larger than any in history. And I’m not just referring to botnets like Mirai, which crippled large swaths of the Internet earlier this year.

The fact is, the world we live in is a perfect storm for massive, globe-spanning botnets. IoT devices with abysmal security flood the market, and no one is entirely certain who to hold responsible for hardening them. And the cybercrime-as-a-service industry is taking off in earnest, allowing even criminals who aren’t especially tech-savvy to purchase malware and ransomware, rent botnets, and more.

The worst part about all this is that there’s really no way to prevent a DDoS altogether. If you’re hit with one, all you can do is hope and pray that your mitigation tools are enough to prevent it from bringing down your network. A DDoS is the equivalent of driving a truck through the front window of a store.

Certainly, it’s inelegant. But it works. And as a result, DDoS attacks have remained an enduring part of the digital threat world for decades.

So, let’s say you’re stumbling your way through the aftermath of a DDoS. How do you restore your operations to normal? How do you make the transition from ‘dazed, stunned silence’ to ‘business as usual?’

  • First, do a thorough inventory of your systems and data. Many times, DDoS attacks are used as a smokescreen for another, more sophisticated attack. If you’ve been targeted, someone may have breached a critical server and made off with sensitive files.
  • Next, re-establish any transit and peering connections dropped during the attack. Depending on how your routers and switches are configured, this could be a simple process or a complex, time-consuming one. Announce your network as soon as you’re able once your connections are re-established.
  • Check and restart your applications. Make sure you choose very carefully which apps and systems to restart first. Doing things in the wrong order could leave your systems unprepared for the surge of traffic that often accompanies re-establishment of services after an outage.
  • Contact your ISP. There’s a chance they locked you off during the DDoS attack to conserve bandwidth. You’ll need to notify them that the attack is over.
  • Gradually reconnect customer and client sessions – don’t allow everyone to surge forward in unison. Again, this is a matter of preventing a secondary outage after the attack.
  • Once your systems are all back in working order, contact customers and clients to let them know the attack is over – and apologize to them for the inconvenience it caused.
  • Start looking into how this DDoS happened, and what you can do to protect against it in the future.
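One way to implement the gradual reconnection step above, as an added example that is not part of the original article: a token-bucket gate whose admission rate ramps up linearly after service is restored, with a jittered retry delay for rejected clients. The class and function names, the rates and the load figures are assumptions chosen for illustration.

```python
import random

class RampedAdmission:
    """Admit reconnecting sessions at a rate (sessions/second) that climbs
    linearly from start_rate to full_rate over ramp_seconds."""

    def __init__(self, start_rate, full_rate, ramp_seconds, now=0.0):
        self.start_rate, self.full_rate = start_rate, full_rate
        self.ramp_seconds = ramp_seconds
        self.t0 = self.last = now   # moment service was brought back
        self.tokens = 0.0           # start empty: no initial burst

    def rate_at(self, now):
        frac = min(max((now - self.t0) / self.ramp_seconds, 0.0), 1.0)
        return self.start_rate + frac * (self.full_rate - self.start_rate)

    def try_admit(self, now):
        """Return (admitted, retry_after_seconds)."""
        rate = self.rate_at(now)
        # Refill for the elapsed time; cap the bucket at one second of traffic.
        self.tokens = min(max(rate, 1.0), self.tokens + (now - self.last) * rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True, 0.0
        # Rejected: hand back a jittered delay so retries do not re-synchronise.
        wait = (1.0 - self.tokens) / rate
        return False, wait + random.uniform(0.0, wait)

def simulate(gate, arrivals_per_second, seconds):
    """Constructed load: evenly spaced reconnect attempts; returns admits per second."""
    admitted = []
    for s in range(seconds):
        n = 0
        for i in range(arrivals_per_second):
            ok, _ = gate.try_admit(s + i / arrivals_per_second)
            n += ok
        admitted.append(n)
    return admitted

if __name__ == "__main__":
    # Assumed figures: 10 -> 100 sessions/s over 10 s, 1000 clients/s retrying.
    print(simulate(RampedAdmission(10, 100, 10), 1000, 12))
```

The per-second admit counts rise with the ramp and then hold at the full rate, no matter how many clients retry at once.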

The aftermath of a DDoS attack is both costly and complex. However, if you follow the steps outlined above, you can transition back into working order as smoothly as possible.
