Encrypted email service provider ProtonMail recently and grudgingly gave in to a ransom demand of 15 bitcoin (approx $6000) to attackers who targeted the service with destructive Distributed Denial of Service (DDoS) attacks.
ProtonMail, an encrypted email service set up by CERN scientists in Geneva and researchers at MIT, has revealed crippling DDoS attacks to be the cause of a recent outage suffered by the crypto e-mail service provider. Two groups are believed to be behind the attacks, one of which began the cyber-strikes and put forth the ransom demand.
The website remains down at the time of publishing due to an overwhelming second attack leading to fears that the pro-encryption email service provider may be targeted by state-sponsored actors making for the second group who continued the attacks.
ProtonMail co-founder Andy Yen released updates through the email provider’s WordPress blog, revealing an initial attack that flooded the ProtonMail’s IP addresses. He confirmed the attacks spread to company’s datacenter in Switzerland while assuring users that the company’s core technology of end-to-end encryption remained untouched.
The datacenter where ProtonMail houses its servers also contained servers of other banks and tech companies, all of whom were affected. With increasing pressure from these companies including ProtonMail’s ISP itself, the company revealed it grudgingly transferred the sum of 15 BTC to the cybercriminal gang who used this Bitcoin address. However, things only got from bad to worse.
A timeline of events goes:
Yen revealed that the group responsible for the initial attacks that came with the ransom demand even wrote in to deny responsibility of the crippling second attack.
The bitcoin address used for the ransom demand also had several public notes to publicly deny their involvement in the second string of attacks.
We are not attacking ProtonMail! Our attack was small, directed at their IP only and lasted 15 minutes only!
WE DO NOT HAVE THAT POWER! NOT EVEN CLOSE!
We have no such power to crash data center and no reason to attack ProtonMail any more!
ProtonMail’s blog added:
The second attackers [are] exhibiting capabilities more commonly possessed by state-sponsored actors.
The service, primarily created to ensure secure communication and privacy to activists, whistleblowers, journalists, and dissidents among other vulnerable groups has — as a result of the crippling hacks — launched a GoFundMe campaign to secure funds that will be used to invest in better cybersecurity measures, solutions that will cost around $100,000 a year, ProtonMail confirmed.
Last modified: May 21, 2020 10:59 AM UTC