Although unconfirmed, the notorious REvil ransomware gang could be behind the DDoS attacks on VoIP.ms.
VoIP.ms, a Quebec-based Internet phone service provider that offers voice-over-IP services, has been down since September 17th. Reportedly, the firm is being held to ransom after becoming the victim of a massive and sustained DDoS attack. The assault has severely disrupted its operations.
It is worth noting that VoIP.ms offers services to businesses worldwide.
How did it start?
According to VoIP.ms, the attacks started on September 16th, targeting its DNS name servers and other infrastructure. This disrupted its telephony services, leaving people unable to make or receive calls.
To restore phone service, the company’s customers were urged to point at servers outside of their locality since DNS wasn’t working, but this didn’t work because attackers started targeting that IP address directly.
The company then moved its website and DNS servers to Cloudflare. Despite some success, its VoIP infrastructure still faced issues as the DDoS attacks continued.
The company executive said the attack didn’t hurt the business as they can “work by e-mail,” but he admitted that the incident is an “annoyance right now.” He believed, though, that other firms, particularly those that resell VoIP.ms services, could be in trouble. This has already happened, as a user of the service in Ottawa complained about service disruptions. However, its primary website is operational and undamaged.
In a series of tweets, VoIP.ms has been informing its customers around the globe about the current status of its operations. The company noted that the attack targeted its websites and POP servers, and that its team is working hard to restore services.
“Distributed Denial of Service (DDoS) attack continues to be targeted at our Websites and POP servers. Our team is deploying continuous efforts to stop this however the service is being intermittently affected … We apologize for all the inconveniences.”
“All the team at http://VoIP.ms continues to work hard on recovering all services as soon as possible. With the help of internal and external specialists, all efforts and resources are being put into stabilizing our website and voice servers,” the company tweeted.
In another tweet, VoIP.ms explained that several services have already been resumed. The “fully functional” services include SMS, MMS, Recordings, Call Recordings, and Conference Recordings. The company has 23 servers in Canada and 42 in the USA.
REvil behind these DDoS attacks?
A Twitter account purporting to represent the notorious REvil ransomware gang is claiming responsibility for the attack. The gang also posted a Pastebin link to its ransom note demanding 1 bitcoin (approx. $45,000) to stop the attacks.
While VoIP.ms has yet to respond to the demand, it is important to note that this isn’t the first time the REvil gang has targeted telephony service providers with DDoS attacks and demanded ransom.
Earlier this month, the gang targeted two Internet telephony service providers (ITSPs) in the UK, VOIP Unlimited and Voipfone. It disrupted their services through a series of DDoS attacks and made “colossal” ransom demands.