Virgin Media DDoS report 5/25/2020

Our IP via Virgin Media was attacked by who we believe to be a 15 year old playing from 174.255.197.256. He used to play on our Minecraft server when he was 8 – 10; back then he was an average nice player who got along with everyone, and now years later he came back only to start causing trouble. First he claimed that our server is insecure when we’ve been running our Minecraft server very successfully since early 2011, and he started trying to exploit the game; after failing that he then claimed to have a way of DDoSing people.

Normally this would be something not so bad; one of the worst we’ve ever had was around 50 computers pinging at the same time. This one, however, was around 5000+ active connections spamming random packets to everything on the network. He was able to take down our Internet and the free Internet we provide to our neighbors during the lockdown, and froze everything to a halt. Even a basic HTTP request would take up to 30 seconds to gather a response (not including its content). We have a £1200 network switch by Netgear we got from a local computer recycling centre, and even that was flooded due to the packets bouncing around from the router, resulting in local network shares becoming inaccessible whilst connected to the Virgin Media router. This caused a lot of problems not only for us but also for our players all the way in the US and Germany, our neighbors using our free lockdown Wi-Fi, family members gaming online and others streaming music/YouTube.

Here’s a total of everyone this affected (Playing Minecraft: 5 | Playing Online Games: 1 | Using our Free Wifi: 6 | Streaming YouTube: 2); that’s 14 people who lost their access multiple times because of this 15 year old’s fun. However, the way this attack specifically was run shows that he has infected many computers in order to create his botnet. Each incoming packet was from a different IP, and a quick nmap on a few of these IPs shows them to be just basic home users, no servers or anything like that, just people that he has managed to get to install a piece of software containing the malicious botnet server. There’s not really any way of notifying the infected users as we only have their IP, and his botnet will only grow bigger unless this is looked into further by the proper authority.

For now we are checking out the IPs he has connected on in the past using a slow Nmap scan to track down his current and previous ISP and have someone get information on him, including location.
Below are times of attacks so far:
Time of attack 1 (around 1400 IPs spamming packets)
Started 6:56PM – 6:57PM
Time of attack 2 (up to 3000 IPs spamming packets)
Started at 6:57PM and ended at 7:00PM
Time of attack 3 (around 5000 IPs spamming packets)
Started at 7:23PM and ended at 7:39PM
Time of attack 4 (around 1400 IPs spamming packets)
Started at 7:56PM and ended at 7:58PM

Edit:
27/05/2020: logged into the Minecraft server with the name “nigger” from an AT&T Mobile connection. The location service matches his location in

City: Calhoun
Region: Georgia
Country: United States
Postal Code: 30701
Latitude: 34.4993
Longitude: -84.9373
