Malicious individuals targeted a food delivery website located in Germany with a distributed denial-of-service (DDoS) attack.
Jitse Groen, founder and CEO of the Germany-based food delivery service Takeaway (Lieferando.de), announced on March 18 that his company had suffered a DDoS attack.
A #ddos attack on a food delivery website @takeaway in the middle of a public health crisis. I hope you sleep well at night. @thuisbezorgd @lieferando @pysznepl pic.twitter.com/YMwSJUOoJn
— Jitse Groen (@jitsegroen) March 18, 2020
In the picture included in Groen’s tweet, those responsible for the DDoS attack demanded that Takeaway pay a ransom amount of 2 bitcoin (worth approximately $11,000 at the time of writing).
The malicious actors told Takeaway that they would “help you protect you company” if they complied with their demands. Even so, they threatened to attack other websites operated by Takeaway if the company met them with non-compliance.
Shortly after Groen issued his tweet, Lieferando.de tweeted out its own disclosure about the attack.
Unsere Systeme wurden angegriffen und werden derzeit gewartet, um die Sicherheit aller Daten zu gewährleisten. Dies kann zu einer Verzögerung bei der Auftragsabwicklung führen. Wir entschuldigen uns für diese Unannehmlichkeiten und hoffen, bald wieder normal arbeiten zu können. https://t.co/2m00je8xHe
— Lieferando.de (@lieferando) March 18, 2020
Here’s the English translation, as provided by Google Translate:
Our systems have been attacked and are currently under maintenance to ensure the security of all data. This can lead to a delay in order processing. We apologize for the inconvenience and hope to return to normal soon.
Some customers responded to Lieferando.de’s tweet with complaints that the company had accepted new orders despite its systems being unavailable due to the DDoS attack. In response, the company issued a subsequent tweet in which it reassured customers that that it was willing to refund orders which it had failed to deliver due to the attack. It asked customers to reach out by email so that they could file a refund claim for an order processed online.
Lieferando.de was back online at the time of writing.
It was unclear from the food delivery service’s website as well as from Bleeping Computer’s coverage of the DDoS attack whether Takeaway.com had agreed to pay the ransom demand.
The attack described above highlights the need for organizations to defend themselves against a distributed denial-of-service attack. Organizations can use this resource to familiarize themselves with this type of attack and learn about anti-DDoS attack best practices.