ProtonMail paid a $6000 Ransom to stop DDoS Attacks

Pierluigi Paganini November 06, 2015

ProtonMail has paid a $6000 Ransom to stop prolonged DDoS attacks that knocked its services offline since Tuesday. Unfortunately, the attacks are continuing.

The popular encrypted email service ProtonMail has suffered a prolonged major DDoS attack that knocked it offline since Tuesday. It was an extortion attempt, the attackers requested a ransom in order to stop the DDoS attack on the services of the company.

The company decided to pay a Ransom of almost $6,000 to stop the sustained Denial-of-service (DDoS) attacks, at the time of writing the ProtonMail encrypted email service is still down.

The news related the decision of ProtonMail of paying the ransom was published in an official statement posted on a the protonmaildotcom.wordpress.com blog  on Thursday.

“As many of you know, ProtonMail came under sustained DDOS attack starting on November 3rd, 2015. At the current moment, we are not under attack and have been able to restore services, but we may come under attack again.” states the post.

protonmail DDoS

The representatives of the ProtonMail explained that the company was victim of a powerful DDoS attack by an unknown group of hackers that requested 15 Bitcoins (about $5,850) in exchange for them stopping the DDoS attacks.

The hackers requested the payment of 15 Bitcoin on the address “1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.” Below the history associated to this specific account used by crooks.

protonmail ransom bitcoin

The real problem is that even if the company has paid the ransom the DDoS attacks continued, the attackers’ motivation is still unclear.

“We hoped that by paying [ransom], we could spare other companies impacted by the [DDoS] attack against us, but the attack continued nevertheless.” “Attacks against [key] infrastructure continued throughout the evening and to keep other customers online, our ISP [Internet Service Provider] was forced to stop announcing our IP range, effectively taking us offline.”

This coordinated assault on [our] key infrastructure eventually managed to bring down both the ISP and the datacenter, which impacted hundreds of other companies, not just ProtonMail,” the company wrote.

ProtonMail is working to restore the service and is supporting the investigation conducted by the Swiss Governmental Computer Emergency Response Team (GovCERT), the Cybercrime Coordination Unit Switzerland (CYCO), and the Europol.

Below the description of the attack provided by ProtonMail:

“Slightly before midnight on November 3rd, 2015, we received a blackmail email from a group of criminals who have been responsible for a string of DDOS attacks which have happened across Switzerland in the past few weeks. This threat was followed by a DDOS attack which took us offline for approximately 15 minutes. We did not receive the next attack until approximately 11AM the next morning. At this point, our datacenter and their upstream provider began to take steps to mitigate the attack. However, within the span of a few hours, the attacks began to take on an unprecedented level of sophistication.” states the post. “At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.”

The company has confirmed that customer data are not affected by the ongoing attacks, they are “secure and untouched.”

ProtonMail’s also explained that its systems are still vulnerable to attacks of this magnitude, but it is thinking for a definitive solution to mitigate these events. The problem is that such kind of solutions is very expensive, the company requested users to Donate to the ProtonMail Defense Fund.

“At present, ProtonMail’s infrastructure is still vulnerable to attacks of this magnitude, but we have a comprehensive long term solution which is already being implemented. Protecting against a highly sophisticated attack like the second one which was launched against us requires sophisticated solutions as we also need to protect our datacenter and upstream providers. Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication”

The practice to hit companies with sustained DDoS attacks is quite common, according to a report published by Akamai in September, the DD4BC criminal group has been responsible for at least 114 DDoS attacks on its customers.

Pierluigi Paganini

(Security Affairs – ProtonMail, DDoS)



you might also like

leave a comment