Tag Archives: Switzerland

ProtonMail Pays $6,000 Ransom To Stop DDoS Attacks, Gets Taken Out By DDoS Anyway

A provider of end-to-end encrypted email said it paid a ransom of almost $6,000 to stop highly advanced denial-of-service attacks that knocked its systems, and the systems of some of its upstream providers, offline.

In a blog post published Thursday, officials of Switzerland-based ProtonMail said they “grudgingly agreed” to pay the attackers 15 bitcoins, which at current valuations came to about $5,850 USD, in return for stopping the DDoS attack. Even after the sum was paid, the crippling attacks continued. However, at the time the blog post was being written, the attacks had died down. The payment is drawing criticism from commentators who say it will only encourage more attacks. ProtonMail officials said:

We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.

The ordeal started shortly after 12 pm on Tuesday, when ProtonMail received a blackmail email from a group of criminals said to be responsible for a series of DDoS attacks across Switzerland over the past few weeks. The message was soon followed by a distributed denial-of-service attack that lasted around 15 minutes. The attack resumed at 11am that day and was by then showing “an uncommon level of refinement.” By 2pm, the flood of junk traffic reached volumes of 100 gigabits per second and began targeting ProtonMail’s datacenter and upstream providers, including switches in Zurich, Frankfurt, and other locations where the ISP has hubs.

“This planned ambush on key foundation in the end figured out how to cut down both the datacenter and the ISP, which affected many different organizations, not simply ProtonMail.”

The blog post went on to say:

Through MELANI (a division of the Swiss federal government), we exchanged information with other companies who have also been attacked and made a few discoveries. First, the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.

At present, ProtonMail’s infrastructure is still vulnerable to attacks of this magnitude, but we have a comprehensive long term solution which is already being implemented. Protecting against a highly sophisticated attack like the second one which was launched against us requires sophisticated solutions as we also need to protect our datacenter and upstream providers. Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication. These solutions are expensive and take time to implement, but they will be necessary because it is clear that online privacy has powerful opponents. In order to cover these costs, we are collecting donations for a ProtonMail defense fund.
