Barrage of DDoS Attacks Bring Down ProtonMail; $6K in BTC Ransom Paid

Secure mail service provider ProtonMail has again come under renewed DDoS attack and the email service has gone offline inconveniencing its users. This is yet another high-profile case involving Bitcoin ransom which has come to light!

The mail service was created to ensure the safety and privacy of the users but in a rather unusual event it is now facing an unprecedented challenge as it came under sustained and aggressive DDoS attacks which began on November 3rd, 2015.

In a statement titled DDoS Update it even requested experts to help in the following words:

“If you or someone you know has experience with mitigating enterprise level DDOS attacks, we welcome your expertise.”

In another statement, ProtonMail described the attack as unprecedented in size and scope and also said that now it will have to resort to expensive solutions which will be a burden on its finances.  Therefore, it is now requesting donations for its ProtonMail Defense Fund. At this time of writing, ProtonMail has raised $14k+ of its $50k target.

As per news reports by Forbes and The Guardian, 15 Bitcoin or about $6,066 have been paid in ransom.

Terming the operation as a “cyberattack” the email service said that it is working with the Swiss Governmental Computer Emergency Response Team (GovCERT), the Cybercrime Coordination Unit Switzerland (CYCO) and Europol, as part of an ongoing criminal investigation.

Further, it revealed that it had received a blackmail email on 3^rd November from a group of criminals, which, it said, were being held responsible for a string of DDOS attacks which had happened across Switzerland in the last few weeks.

Due to the pressure put by the third parties to pay the ransom and restore the system, ProtonMail agreed and at 3:30 Pm Geneva time a ransom was paid to the Bitcoin address: 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.

However, the attacks keep on happening.

Later, the first set of criminals, who extorted the Bitcoin ransom, wrote back and denied that they were behind this brutal wave of attacks.

Calling the second stage as the more complex attack as it targeted weak points in the infrastructure of the ISPs, it noted that such attacks have not been observed in any other recent attacks on Swiss companies.

In short, ProtonMail was likely attacked by two separate groups, and the second group exhibited capabilities which are possessed commonly by state-sponsored actors.