Email Services Worldwide Blackmailed With DDoS Attacks

The email companies were hit with a DDoS attack, then demanded to pay a ransom in Bitcoins.
Email Services Worldwide Blackmailed With DDoS Attacks
Map of insecure / misconfigured devices running Simple Service Discovery Protocol, which makes them vulnerable to denial-of-service attacks, in Europe, where the string of attacks started The Shadowserver Foundation
Jonathan Zhou
Updated:

The Australian email provider FastMail was hit with a distributed denial-of-service (DDoS) attack on Sunday, Nov. 8, accompanied by an extortion note that the attacks would continue unless they paid a $7,500 ransom. The company said in a blog post Nov. 11 that it would refuse to be extorted, and to expect disruptions in service as the attacks continue.

“We do not respond to extortion attempts, and we will not pay these criminals under any circumstances,” FastMail wrote. “

We have dealt with DDoS attacks before, and have recently been strengthening our defenses to deal with such issues.”

A string of email services have suffered from DDoS attacks and blackmail attempts in the past week, including Runbox, Zoho, Hushmail, and the earliest victim, the Swiss-based ProtonMail. Some of the attacks are believed to originate from a hacker group called the Armada Collective.

We do not respond to extortion attempts, and we will not pay these criminals under any circumstances.
, FastMail

An advisory from the Swiss Governmental Computer Emergency Response Team on Oct. 22 said that the group targets its victims with a demo DDoS attack from 300Mbit/s up to 15GBit/s for half an hour, then sends a ransom note for 10 bitcoins laced with the threat of larger attacks.

On Nov. 4, a day after the first attack, ProtonMail paid a ransom of 15 bitcoins, around $6,000 at the time, to the Armada Collective. The attacks paused, then continued on a larger scale, with data-centers forced to go offline. The Armada Collective denied responsibility for the second attack, and ProtonMail said that the magnitude of the attack suggested that “state-sponsored actors” were involved.

“Given the sophistication of the attack used by the second group, we believe they may have been preparing their attack against us for some time,” ProtonMail said in a blog post. “After seeing the first attack, they chose to strike immediately afterward in the hopes that they would not be discovered as being a separate attacker.”

ProtonMail said that the cost of defensive solutions against the second attack could be upward of $100,000 and that it will later publish a detailed report on the attacks.

DDoS attacks are coordinated efforts to take down websites with floods of traffic from a botnet, a swarm of computers that have been hijacked and are used without the knowledge of its owner.

Though crude, DDoS attacks remain an effective tool in the hacker’s arsenal, with the problem often exacerbated by manufacturers that unintentionally leave a backdoor for hackers.

Last week, Austrian security firm SEC Consult published data that suggested that 600,000 Internet routers made their customers easy pickings for hackers by having remote administration access switched on by default.

ProtonMail is the only victim of the recent bout of attacks to disclose it paid ransom to the attackers. In addition to FastMail, Zoho has also declared that it was targeted for extortion, but the company hasn’t commented on whether it would pay or not.

Jonathan Zhou
Jonathan Zhou
Author
Jonathan Zhou is a tech reporter who has written about drones, artificial intelligence, and space exploration.
Related Topics