Crypto e-mail provider ProtonMail pays ransom to stop DDoS attack, attack continues

Switzerland-based end-to-end encrypted e-mail provider ProtonMail has been on the receiving end of a heavy DDoS attack since Tuesday, November 3, and has been unavailable to its users for hours on end.

ProtonMail has paid the demanded ransom (15 bitcoin, around $6,000) to temporarily halt the onslaught while it works on hardening its infrastructure against similar attacks.

The attackers started by flooding the service’s IP addresses, then the datacenter in Switzerland where ProtonMail has its servers.

“The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail,” the admins explained.

The fact that other companies were affected is what spurred ProtonMail to pay the ransom to stop the attack. But, despite this, the attack continued, and the criminals claimed that they weren’t the ones behind the second attack.

“Through MELANI (a division of the Swiss federal government), we exchanged information with other companies who have also been attacked and made a few discoveries,” the admins shared.

“First, the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.”

The admins are working on setting up protection against DDoS attacks of this magnitude, but are asking users to chip in with donations.

“Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication. These solutions are expensive and take time to implement, but they will be necessary because it is clear that online privacy has powerful opponents,” they noted.