Encrypted email provider ProtonMail caves in to extortion, hands over $6000


Swiss-based encrypted email provider ProtonMail – developed at the CERN research facility in 2013 to withstand surveillance by the world’s increasingly inquisitive intelligence agencies – has revealed that it handed over 15 bitcoins (about $6000/£4000) to stop a Distributed Denial of Service (DDoS) attack.

With the company’s main site still down, ProtonMail took to WordPress to explain the situation, saying:

“Slightly before midnight on November 3rd, 2015, we received a blackmail email from a group of criminals who have been responsible for a string of DDOS attacks which have happened across Switzerland in the past few weeks.”

Shortly afterward, the company explained, it came under a DDoS attack which took it offline for around 15 minutes.

On 4 November, a further attack was initiated at approximately 11:00. Despite the best efforts of its datacenter and upstream provider, ProtonMail toppled over in the face of what it calls “an unprecedented level of sophistication”, as a coordinated attack exceeded 100 Gbps.

As the scope of the attack increased, it wasn’t just the company’s datacenter that was knocked out but also the ISP it used, thereby impacting hundreds of other firms.

It was this collateral damage, the company said, that led to it coughing up the Bitcoin:

“At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time.”

You might assume the story ends there. After all, many gangs behind online ransom crime do indeed unlock files or cease attacks when the cash is handed over, because good “customer service” ensures the next victim pays too.

But in this case, the DDoS attack was not called off. Indeed, at the time of writing, protonmail.com is still inaccessible.

Taking to Twitter, the company reiterated why it gave in to blackmail, saying:

“Over 100 companies were taken offline from the attack against us. Impacted companies asked us to pay, we couldn't refuse.”

Responding to questions on the social network, ProtonMail confirmed that many of the companies that had asked it to pay up had contributed to a defence fund (it has already raised $14,000 of its $50,000 target) set up to help it improve its infrastructure in a bid to thwart future attacks.

In slightly better news, customers of the service, which has around half a million users, can breathe easy, safe in the knowledge that their “data is safe and untouched.”

As the criminal investigation continues, ProtonMail says it is working with the Swiss Governmental Computer Emergency Response Team (GovCERT) and the Cybercrime Coordination Unit Switzerland (CYCO), with added assistance from Europol.