Slashdot Mirror


Pro-Privacy Webmail ProtonMail Pays Ransom, But Hit By DDoS Attack Anyway (wordpress.com)

An anonymous reader writes: The new pro-privacy, pro-encryption webmail service ProtonMail has been under a sustained DDoS attack since November 3. They received a ransom demand a few days ago, along with a brief demonstration of how effective the DDoS attack was. They were advised to pay the ransom, and they complied. Unfortunately, the attackers launched the DDoS anyway. Here's a quote from their press release:

"Through MELANI (a division of the Swiss federal government), we exchanged information with other companies who have also been attacked and made a few discoveries. First, the attack against ProtonMail can be divided into two stages. The first stage is the volumetric attack which was targeting just our IP addresses. The second stage is the more complex attack which targeted weak points in the infrastructure of our ISPs. This second phase has not been observed in any other recent attacks on Swiss companies and was technically much more sophisticated. This means that ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state-sponsored actors. It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us."


  1. Re:Poor thought process by deKernel · Score: 1, Informative

    Well, that might work for you, but I would suggest to everyone else that you ALWAYS take a gun to a knife fight if you want to win. I can have my gun out just as fast as some idiot can pull their knife out... PERIOD. Here is a hint: don't walk around oblivious to your surroundings, and you will always be in a position where your sidearm (even concealed) can be accessed long before issues arise.

  2. Why would you pay? by Anonymous Coward · Score: 2, Informative

    The self-righteousness of Slashdot know-it-alls sucks.

    ProtonMail made it quite clear: the ISP and carrier made them pay after the whole datacenter with hundreds of other customers went down. It's not like they did not know that you should not pay. But if you are close to being put out on the street, you reassess your policies.

    DDoS protection against this size of attack is expensive, and it is obvious that a provider of secure email cannot simply hand out the SSL key to a CDN. If you want to make sure the next attack is hit with the visor down and the defense in place, then go and support their defense fund, so they are no longer tempted to pay.