How a Game Company Defeated a 300G DDoS Ransom Attack with Cloud Defense

A Chinese game studio faced a massive 300 GB DDoS ransom attack, refused to pay, and, with UCloud's elastic high‑availability and Anycast cleaning technologies, repelled the assault while detailing the attackers' methods and offering a public‑cloud DDoS mitigation guide.

UCloud Tech

Case Overview

Chinese internet companies expanding overseas increasingly encounter DDoS threats. A game developer was hit by a 70 GB DDoS attack in December 2019, which turned out to be a prelude to a larger ransom attempt.

Ransom Threat

The hacker group “A‑Record” demanded payment, warning that refusal would trigger a bigger attack. The company’s manager, Mr. G, refused to pay.

Escalation to 300 GB Attack

Later that day the attackers launched an assault that peaked at 300 GB, combining DNS and LDAP reflection, TCP SYN Flood, ACK Flood, and mixed IP‑layer attacks. It lasted 73 minutes and totaled 39 PB of traffic.

Similar large‑scale attacks have crippled services such as the OKEx exchange, demonstrating the severity of such threats for game businesses that rely on continuous network availability.

Defense Strategy

UCloud’s security center intervened early, deploying elastic protection measures: high‑defense IP allocation, custom forwarding rules, and fine‑grained policies that concealed the origin servers.

All malicious traffic was redirected to UCloud’s high‑defense IP nodes, each with a 1 TB attack ceiling, effectively absorbing the 300 GB surge and forcing the attackers to retreat.

Attack Method Analysis

The attack combined three categories of technique:

- Reflection‑amplification attacks (DNS, LDAP) that multiply small requests into massive responses.
- Traditional SYN and CC floods.
- Mixed IP‑layer packet attacks.

Reflection attacks are cost‑effective for attackers, achieving “four ounces move a thousand pounds” by leveraging open resolvers.
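
As an added illustration (not from the original article and not UCloud's tooling), the sketch below sorts flow records into the vectors named above by asking whether the protected host holds matching state for the traffic. The record layout, the has_state field, the vector names, and the min_packets threshold are assumptions made for this example.

```python
from collections import defaultdict, namedtuple

# Assumed record layout; has_state means the protected host holds a matching
# outstanding query or established TCP session for this traffic.
Flow = namedtuple("Flow", "proto sport flags packets bytes has_state")

# UDP source ports of the reflector services the article names (DNS, LDAP).
REFLECTOR_PORTS = {53: "dns_reflection", 389: "ldap_reflection"}

SAMPLE_FLOWS = [  # constructed records, not data from the incident
    Flow("udp", 53, "", 900, 2_700_000, False),     # unsolicited DNS answers
    Flow("udp", 53, "", 3, 360, True),              # answer to our own query
    Flow("udp", 389, "", 400, 1_100_000, False),    # unsolicited LDAP answers
    Flow("tcp", 51000, "S", 5000, 300_000, False),  # SYNs, no handshake completes
    Flow("tcp", 52000, "A", 2000, 108_000, False),  # ACKs for no known session
    Flow("tcp", 53000, "A", 40, 56_000, True),      # established session
    Flow("icmp", 0, "", 50, 70_000, False),         # low-volume stray packets
]

def classify(flow):
    """Return the candidate attack vector for one flow, or None if it has state."""
    if flow.has_state:
        return None
    if flow.proto == "udp" and flow.sport in REFLECTOR_PORTS:
        return REFLECTOR_PORTS[flow.sport]  # a "response" nobody asked for
    if flow.proto == "tcp" and flow.flags == "S":
        return "syn_flood"
    if flow.proto == "tcp" and flow.flags == "A":
        return "ack_flood"
    return "ip_layer_mixed"

def summarize(flows, min_packets=100):
    """Sum (packets, bytes) per vector; keep vectors at or above min_packets.

    min_packets is an illustrative threshold, not a recommended value.
    """
    totals = defaultdict(lambda: [0, 0])
    for flow in flows:
        vector = classify(flow)
        if vector is not None:
            totals[vector][0] += flow.packets
            totals[vector][1] += flow.bytes
    return {v: tuple(t) for v, t in totals.items() if t[0] >= min_packets}

if __name__ == "__main__":
    for vector, (packets, size) in sorted(summarize(SAMPLE_FLOWS).items()):
        print(f"{vector:16} packets={packets:6} bytes={size}")
```

In the constructed sample, the reflection flows stand out by bytes per packet, while the SYN and ACK floods stand out by packet count, which is why the summary keeps both figures.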

Public‑Cloud DDoS Mitigation Guide

Beyond standard high‑defense services, UCloud has developed Anycast global cleaning technology, leveraging worldwide BGP announcements and dedicated backhaul to disperse attack traffic across multiple nodes.

Anycast cleaning can scale without limit, redirecting massive traffic to overseas nodes in Frankfurt, Washington, and Taipei, thereby diffusing the attack and protecting the target.

Conclusion

Facing a DDoS ransom attack requires determination, robust technology, sufficient resources, and operational experience. With strong resolve and solutions like elastic protection and Anycast cleaning, organizations can neutralize even the largest attacks, and UCloud continues to enhance its capabilities to safeguard customers.

Figure: Hacker ransom communication screenshot
Figure: Hacker arrogance illustration
Figure: Attack traffic monitoring chart
Figure: Attack method statistics
Figure: User impact confirmation
Figure: Reflection amplification diagram
Figure: Global Anycast cleaning nodes