Feeds

WorldPay struggles under DDoS attack (again)

Systems safe but running at a crawl

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

WorldPay, the Royal Bank of Scotland's internet payment transaction outfit, is continuing to fight a sustained internet attack which has left its services largely unavailable for a third successive day.

Since Saturday (2 October), WorldPay's online payment and administration system has been reduced to a crawl, due to a malicious DDoS attack by unidentified computer criminals. A spokesman for the company stressed that although is fighting a serious "denial-of-service" attack, its systems is uncompromised and customer data remains secure. "We are processing transactions securely but the attack is blocking our ability to operate normally. We apologise unreservedly for any inconvenience caused," he added. WorldPay's techies are working overtime to restore service but can't say when normal service will be restored.

In a notice to customers on Saturday (2 October), WorldPay said: "We regret that access to our payment and administration systems is severely disrupted due to a planned and large scale Denial of Service (DDOS) attack by a third party. Our payment and administration systems are working, safe and secure, but the networks around them are being flooded with requests on a huge scale, causing 'service denials'. We are processing payments, but far slower and fewer than we normally would.

"We are executing our contingency plans to move to full restoration of the service but cannot at this point in time predict when all customers will have the service restored without further interruption. While attacks of this type can be anticipated, it does take time to identify and deal with the exact nature of a particular attack. We are doing everything that is possible to restore a full service as soon as is possible," it added.

Users are advised to check WorldPay's customer service portal for updates. WorldPay was the subject of a similar three-day long denial of service attack last November.

One Reg reader writes: "Looks like they have not learned much from last year/s dos attack as the service has been down for most of the day. We have lost thousands in orders."

A WorldPay spokesman said the vast majority of customers had been supportive and understanding. He noted that many businesses had experienced DDoS attacks in recent months. Many of these attacks have been linked to extortion attempts, but WorldPay declines to say if it has received any demands from its attackers. ®

Related stories

UK banks launch anti-phishing website
US credit card firm fights DDoS attack
Feds bust DDoS 'Mafia'
DDoSers attack DoubleClick
Online extortionists target Cheltenham
WorldPay recovers from massive attack

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.