
ProtonMail pays cyber security ransom to get back online

Late Tuesday, the company received an email demanding a ransom from a group that was planning a distributed denial-of-service (DDoS) attack.

But despite paying up, the web attacks continued, leaving ProtonMail struggling to operate. It said it planned to sign up with a commercial service that can defend against the attacks, but this would be likely to cost it more than $100,000 (£66,000) a year.

Nevertheless, it said, this failed to prevent the assaults which continued to cause difficulties for a number of other businesses.

At this point you may assume that the story is over – after all, many gangs behind online ransom crime do indeed unlock files or cease attacks when the cash is handed over – because good “customer service” ensures the next victim pays too.

Slightly before midnight on November 3rd, 2015, we received a blackmail email from a group of criminals who have been responsible for a string of DDOS attacks which have happened across Switzerland in the past few weeks.

The first attack knocked out ProtonMail for about 15 minutes and then stopped. Despite the best efforts of its datacenter and upstream provider, ProtonMail toppled over in the face of what it calls “an unprecedented level of sophistication”, as a coordinated attack exceeded 100 Gbps.

Under pressure from third parties to pay the ransom and restore the system, ProtonMail agreed, and at 3:30 PM Geneva time a ransom was paid to the Bitcoin address: 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.

Post-strike investigation indicates ProtonMail was targeted in two stages, the organization said.

The encrypted email provider has described the cyberattack as “the most sophisticated” in Swiss history.

This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors.

It said: “The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack”.

ProtonMail said that despite the ISP’s work to harden itself against assault, it was exposed to DDoS data deluges.

“Because of the sophistication of this attack, we will also need to resort to quite expensive solutions which will burden our finances. It is for this reason that we are also collecting donations for a ProtonMail defense fund”, ProtonMail says.

This further onslaught comes on the back of ProtonMail “grudgingly” paying the ransom that had been demanded by the attackers (15 bitcoins, worth about $6,000).

“Our primary data centre is located under 1,000 meters of granite rock in a heavily guarded bunker which can survive a nuclear attack”, it continues.

Quinn Dombrowski