Swiss-based encrypted email provider ProtonMail – developed at the CERN research facility in 2013 to withstand surveillance by the world’s increasingly inquisitive intelligence agencies – has revealed that it handed over 15 bitcoins (about $6000/£4000) to stop a Distributed Denial of Service (DDoS) attack.
With the company’s main site still down, ProtonMail took to WordPress to explain the situation, saying:
Slightly before midnight on November 3rd, 2015, we received a blackmail email from a group of criminals who have been responsible for a string of DDOS attacks which have happened across Switzerland in the past few weeks.
Shortly afterward, the company explained, it came under a DDoS attack which took it offline for around 15 minutes.
On 4 November, a further attack was initiated at approximately 11:00. Despite the best efforts of its datacenter and upstream provider, ProtonMail toppled over in the face of what it calls “an unprecedented level of sophistication”, as a coordinated attack exceeded 100 Gbps.
As the scope of the attack increased, it wasn’t just the company’s datacenter that was knocked out but also the ISP it used, thereby impacting hundreds of other firms.
It was this collateral damage, the company said, that led to it coughing up the Bitcoin:
At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time.
At this point you may assume that the story is over – after all, many gangs behind online ransom crime do indeed unlock files or cease attacks when the cash is handed over – because good “customer service” ensures the next victim pays too.
But in this case, the DDoS attack was not called off. Indeed, at the time of writing, protonmail.com is still inaccessible.
Taking to Twitter, the company reiterated why it gave in to blackmail, saying:
Over 100 companies were taken offline from the attack against us. Impacted companies asked us to pay, we couldn't refuse.
Responding to questions on the social network, ProtonMail confirmed that many of the companies who had asked it to pay up had contributed to a defence fund (its already raised $14,000 of its $50,000 target) set up to help it improve its infrastructure in a bid to thwart future attacks.
In slightly better news, customers of the service, which has around half a million users, can breathe easy, safe in the knowledge that their “data is safe and untouched.”
As the criminal investigation continues, ProtonMail says it is working with the Swiss Governmental Computer Emergency Response Team (GovCERT) and the Cybercrime Coordination Unit Switzerland (CYCO), with added assistance from Europol.
2 comments on “Encrypted email provider ProtonMail caves in to extortion, hands over $6000”
Can’t wait to hear next week that they are being attacked again and this time have to pay $100k
It is always a temptation to an armed and agile nation
To call upon a neighbour and to say: —
“We invaded you last night–we are quite prepared to fight,
Unless you pay us cash to go away.”
And that is called asking for Dane-geld,
And the people who ask it explain
That you’ve only to pay ’em the Dane-geld
And then you’ll get rid of the Dane!
It is always a temptation for a rich and lazy nation,
To puff and look important and to say: —
“Though we know we should defeat you, we have not the time to meet you.
We will therefore pay you cash to go away.”
And that is called paying the Dane-geld;
But we’ve proved it again and again,
That if once you have paid him the Dane-geld
You never get rid of the Dane.
It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
You will find it better policy to say: —
“We never pay any-one Dane-geld,
No matter how trifling the cost;
For the end of that game is oppression and shame,
And the nation that pays it is lost!”