suffering through sophisticated ddos attack

So I’m reading over at Naked Security of suffering a DDoS over the past week and a CEO post that said:

The extortion dollar amount suggests this to be the work of amateurs, but the attack is sophisticated.

Amateurs with a sophisticated attack. Wait what? Dropping the S word gives me Sad face.

Anyway, this is a great chance for discussion on how a business would go about preventing DDoS and/or reacting to it at the moment it happens (assuming some or no prevention in the first place). DDoS is not *that* sophisticated of an attack, but prevention and reaction is often sophisticated. Oh, and expensive.

Having not actually worked at a company that suffered a DDoS attack, I’d only be guessing based on research and second-hand info, so I’ll just sit around with some popcorn for the moment.

This is also a great opportunity for to show off what they *did* do for this sort of attack. Though I doubt they have a more technical blog, which is a shame.