If you use a webhost, such as Wordpress, the host will usually provide some website analytics for you through their online portal. Contacting the web host directly may also help you find this information. If you host your own web servers and use a website monitoring service, such as Loggly or Wireshark, use their software to identify patterns in your traffic. If you do not have a monitoring program set up already, you may not be able to access this data without using advanced commands. Try contacting your internet provider.

Ask yourself, is this attack coinciding with another event? For example, if you just launched a new program or if your company was in the news recently, consider if you could have been targeted. [3] X Expert Source Luigi OppidoComputer & Tech Specialist Expert Interview. 13 November 2020.

If your site or server has been overwhelmed with SYN (or synchronized) packets, you likely have a Transmission Control Protocol (TCP) flood. If you were overwhelmed by ping packets, you may have an Internet Control Message Protocol (ICMP) flood. If you have been overwhelmed with User Datagram Protocol (UDP) packets or Domain Name System (DNS) queries, you may have a UDP flood. You don’t need to know what these packets are doing. You just need to identify what type is flooding your system so that your internet provider or host can reduce the flood. If you can’t identify the type of traffic, don’t worry. There are many different types of DDoS attack. Your provider may be able to help you when you report the attack.

If you were asked to make a crypto currency payment, save the information that the attacker gives you, including their wallet address, transaction receipts, email address, and type of currency used. Print off emails and store them in a safe place. Forward them to another safe address as well.

Sometimes, web hosting services come under DDoS attacks themselves, which can affect every website they host. If this is the case, your hosting service should notify you. They will handle the DDoS attack from there.

Many internet providers have emergency numbers listed on their website for situations like this. Call these numbers for immediate help.

Provide as much detailed information as possible. Provide any information about packet sizes, types of protocols used, or the source of IP addresses to help the investigators.

Your internet provider may recommend scaling up your website. This means that they will increase your bandwidth to protect against future attacks.

In the US, file a complaint online with the FBI’s internet crime complaint center here: https://www. ic3. gov/default. aspx. [11] X Expert Source Luigi OppidoComputer & Tech Specialist Expert Interview. 13 November 2020. In the UK, call 0300 123 2040 to report the attack to the National Fraud and Cyber Crime Reporting Centre. In Australia, submit an online report to the Cyber Security Center here: https://www. acsc. gov. au/incident. html. In Canada, contact your local police department.

When the attack started and ended. If the attackers asked for a ransom and whether you paid it. If you were threatened before the attack. What protocols (UDP/DNS, TCP, or ICMP) were used in the attack. Any unusual patterns or observations during the attack.

You published something with a different ideology than the attacker. You have a competitor or rival. The attack was a distraction to try to steal data from your website or company.

If you already paid a ransom to the attackers, give the investigators the attacker’s crypto currency wallet address or email address. If the agency decides to pursue a case against the attackers, you may be asked for hard copies of your evidence, including emails, payment transactions, or screenshots of the attack. Keep the original copies in a safe place.

State how you earn income from the website. For example, you might sell products, offer online services, or earn money through advertising. Try to come up with estimate of your total losses, based on how much money you typically make in an hour or day from your site. Report any customer or user complaints to help emphasize how the attack affected your network.

If law enforcement decides to investigate and prosecute your attackers, you may be asked to supply copies of evidence, such as emails or screenshots of the attack. If they have not decided to investigate at this time, they will notify you. You may be asked to keep your documents in a safe place, just in case they decide to prosecute in the future.