Appears to be mostly back up, albeit very unstable. They needed several attempts so I guess attackers had a few attack vectors and switched those every time one was closed. Which points to a well prepared attack, not just a script kiddy renting a few AWS servers.