NSA-proof ProtonMail Service DDoSed, Forced to Pay $6000 as Ransom

In 2014, a team of privacy advocates launched ProtonMail and claimed that it was an NSA-proof email service. The service was such a massive hit that the developers followed it up with Android and iOS apps.

But something went wrong this week when ProtonMail came under powerful DDoS attacks by unknown cyber criminals and was forced to pay a ransom of about $6000 in order to stop them from DDoSing its servers.

According to company officials, ProtonMail (an end-to-end encrypted e-mail service provider) faced continuous attacks on its network, and the criminals demanded a ransom to stop them. The company paid 15 bitcoins, which converts to about $6000.

But even after the payment was made, the criminals didn’t stop the attacks on the company’s servers. Although the company initially wrote in a blog post that the attacks had stopped, a company official soon wrote this:

“We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.”

It all started at midnight on Tuesday, when the company received a ransom email from the same attackers who are believed to have been involved in attacks all over Switzerland for the last few weeks. Right after the email, the hackers launched a DDoS attack which lasted over 15 minutes and shook the company’s servers.

The attackers then hit the company’s servers again at 11 AM, and for the next 3 hours the attacks kept growing without relenting. By 2 PM the company’s servers were receiving junk traffic at 100 GB per second, which threatened the company’s data center and upstream providers.

A blog post from the company shed more light on the attack. Here is what it said:

“Through MELANI (a division of the Swiss federal government), we exchanged information with other companies who have also been attacked and made a few discoveries. First, the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the most complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.

At present, ProtonMail’s infrastructure is still vulnerable to attacks of this magnitude, but we have a comprehensive long-term solution which is already being implemented. Protecting against a highly sophisticated attack like the second one which was launched against us requires sophisticated solutions as we also need to protect our datacenter and upstream providers. Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication. These solutions are expensive and time taking, but they will be necessary because it is clear that online privacy has powerful opponents. In order to cover these costs, we are collecting donations for a ProtonMail defense fund”.

The FBI tells people to pay the ransom in case of cyber attacks, but critics believe that paying the attackers was in itself a wrong step by the company, as it will motivate attackers to carry out more attacks of this nature.

It’s still unclear who the attackers were. So far, all that is on record are the suspicions of different experts, and the full story is yet to unravel in the coming days. So stay tuned!

Pushpa Mishra
