ProtonMail, a provider of end-to-end encrypted email, says it was subjected to continued denial-of-service attacks even after paying nearly $5,850 (15 bitcoins) as ransom.
In a blog post published on Thursday, 5 November, officials of the Switzerland-based service provider said they had hoped that paying the ransom would spare other companies from similar attacks, "but the attacks continued nevertheless".
"Attacks against infrastructure continued throughout the evening, and in order to keep our customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP's entire network and got so serious that the criminals who extorted us previously even found it necessary to write to us to deny responsibility for the second attack," said the blog.
ProtonMail's decision to pay the ransom has caused uproar among critics, who have said the move will only encourage further attacks.
The battle started shortly after midnight on Tuesday, 3 November, when ProtonMail got an extortion email from a hacker group called "DD4BC", who perpetrated a series of distributed denial of service (DDoS) attacks that plagued Switzerland and other countries over the past few weeks.
A DDoS attack then began at 11 am on the same day and lasted nearly 15 minutes. By 2 pm, the junk traffic had reached volumes of 100 gigabits per second and had begun to target ProtonMail's datacentre and upstream providers as well, including those in Zurich, Frankfurt, and other places where the ISP has nodes.
The blog said the "coordinated assault" disrupted services of other companies as well.
The blog explained that via MELANI (a division of the Swiss federal government), ProtonMail traded information with other companies who were also attacked and "made a few discoveries".
It said the attacks on ProtonMail could be divided into two stages: the first was the "volumetric attack" that targeted only the IP addresses of the service provider, and the second was a more complicated attack that targeted "weak points in the infrastructure" of their ISPs.
It added that the second attack had not been seen in any other recent attacks on Swiss companies, and was "technically much more sophisticated".
"At present, ProtonMail's infrastructure is still vulnerable to attacks of this magnitude, but we have a compromise long-term solution which is already being implemented. Protecting against a highly sophisticated attack like the second one which was launched against us requires sophisticated solutions as we need to protect our datacentre and upstream providers. Cost estimates for these solutions are around $100,000 per year since there are few service providers able to fight off an attack of this size and sophistication. These solutions are expensive and take time to implement, but they will be necessary because it is clear that online privacy has powerful opponents. In order to cover these costs, we are collecting donations for a ProtonMail defence fund," the blog added.
However, by the time the blog was posted on 5 November, the attacks had stopped.