Reportedly, the REvil ransomware gang is using DDoS attacks to make huge ransom demands from victim companies VoIP Unlimited and Voipfone.
Two Internet and Telephony Service Providers (ITSPs) in the United Kingdom, the South Coast-based VoIP Unlimited and London-based Voipfone, had their services disrupted for several days after suffering a series of massive DDoS attacks.
VoIP Unlimited claims that the attackers made a ‘colossal ransom demand’ after the company sustained large-scale DDoS attacks. According to The Register, the UK Comms Council has confirmed that these attacks were carried out by the infamous REvil ransomware gang [aka Sodinokibi, a ransomware-as-a-service (RaaS)].
The Council further added that other UK Session Initiation Protocol providers were targets of the REvil gang, which indicates that the group has launched a well-planned DDoS attack campaign against UK-based VoIP companies. Currently, it isn’t clear if other ITSPs are affected too.
It is worth noting that in July 2021, the REvil ransomware group vanished due to mounting US pressure after the Kaseya attack. The recent DDoS attacks suggest that the REvil gang has been targeting companies unannounced, since its official website, accessible through the TOR browser, is still down.
DDoS attacks continued till Sep 3, 12:09 BST
According to Voipfone’s status page, the company’s SMS services and inbound/outbound calls suffered outages as the company continued to receive new DDoS attacks until Sep 3, 12:09 BST.
In a status update on Saturday, Sep 4, 13:34 BST, the company explained that the first attack took place on Monday and continued until Tuesday. The company further added that its services had been restored yet remained at risk of additional DDoS attacks.
“Services are stable. Although, services remain at risk of further attacks. Our engineers continue to monitor closely across the weekend,” the company said.
In a tweet on September 2nd, the company revealed that it was “dealing with extortion-based DDoS attacks from overseas criminals.”
We’re sorry for the disruption to our services. We are dealing with an extortion-based DDoS attack from overseas criminals. We are taking measures to overcome these attacks but we are obviously very limited in the information we can make public. Please bear with us.
— Voipfone (@Voipfone) September 2, 2021
Details of the Attacks
According to VoIP Unlimited’s MD, Mark Pillow, the attacks started on August 31, at around 2 p.m. BST. The threat actors launched an “alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand.” As a result, some of the company’s networks experienced a partial or complete loss of internet connectivity services.
However, those using its Ethernet and Broadband services remained unaffected. The company stated in an email that biz broadband services were live again after they resolved the problem yesterday, but they suspect the attackers could make a comeback at any time.
At the time of publishing this article, VoIP Unlimited’s status page showed its services have been restored.
According to The Register’s report, both attacks seem to be the work of the same group, as they occurred over the Bank Holiday weekend, during which the companies’ networks were flooded with bogus traffic from thousands of compromised devices.
REvil means bad news
For those unaware of REvil’s activities, the group is known for targeting high-profile businesses and organizations. The same group was also behind the breaches of the following companies:
5. Sol Oriens