Company is suspecting a state-sponsored actor

Nov 6, 2015 13:17 GMT

ProtonMail, a secure email client located in Switzerland and dubbed by many "NSA-proof," is under a massive DDoS attack, despite having paid a $6,000 / €5,500 ransom to avoid it.

As the company itself has explained, the attack started on November 3, and at the same time its employees received a ransom note from a hacking group known as Armada Collective.

Initially, ProtonMail was extorted by the Armada Collective hacking group

The group was using the same tactics as the DD4BC hacking crew, threatening companies around the world with DDoS attacks unless the victims paid into the group's Bitcoin wallet.

ProtonMail ignored the email at first; an attack was launched the same night and took the service offline for 15 minutes.

Another attack followed the next day around 11 AM, but ProtonMail said that its provider took the appropriate steps to mitigate it.

At this point, things started to become "weird." A few hours later, as ProtonMail explains, the attacks grew unexpectedly in both sophistication and bandwidth, reaching over 100 Gbps, and also targeted more of the ISP's upstream infrastructure, striking carefully chosen weak points in its network. This took place around 2 PM.

At 3:30 PM, after 90 minutes of downtime for the entire ISP and facing pressure from other companies that were affected by the DDoS attack, ProtonMail gave in and decided to pay Armada's ransom.

ProtonMail paid the ransom, but the attacks continued

In spite of this payment, the DDoS attacks continued to hit the ISP, which goes on and offline at regular intervals depending on the incoming DDoS traffic (ProtonMail is down at the time of writing this article).

ProtonMail says that after it paid the ransom and exchanged further emails with the Armada hackers about the subsequent DDoS, the group denied any responsibility for the second wave of more sophisticated attacks.

As a service that provides secure email to dissidents and anti-government journalists from many countries, ProtonMail now suspects that the second wave of attacks is being carried out by a state-sponsored group that saw the perfect opportunity to take down a rival without detection.

ProtonMail is currently planning to migrate its services to a more advanced infrastructure with built-in DDoS mitigation. This will take some money to achieve, so the company has started a donations account with GoFundMe, named the ProtonMail Defense Fund.