ProtonMail: An Encrypted Email Provider Held Hostage By Hackers
ProtonMail, a Switzerland-based encrypted email provider, was forced to go offline on Thursday after hackers held the company’s internet connection for ransom using a distributed denial of service (DDoS) attack.
“ProtonMail is likely being attacked by two separate groups, with the second attacker exhibiting capabilities more commonly held by state-sponsored actors,” the company said. “It also shows that the second attackers were not afraid of causing massive collateral damage to get at us.”
The ransom was only 15 bitcoins, or roughly $6,066, but the attacks didn’t stop when it was paid.
ProtonMail was founded by scientists from the European Organization for Nuclear Research, or CERN. It has become widely known in the United States since its appearance in the popular American network drama Mr. Robot.
“We are still studying the evidence and will work with the Swiss Federal Cybercrime Unit,” ProtonMail co-founder Andy Yen told The Guardian, adding that the source of the second attack has yet to be conclusively determined. Yen also said he was aware of “several splinter groups that actively use ProtonMail” and are based in countries known for their hacking attacks.
“But we know after speaking with the experts who have come to our aid that there are few groups capable of carrying out an attack of this magnitude and sophistication. This is possibly the largest and most sophisticated DDoS attack ever in Switzerland,” said Yen.
Although the type of attack is common, ProtonMail said in a blog post about the attack that the DDoS targeted at it was “unprecedented in size and scope”. The hackers probably responsible for the first and smaller attack are known as the Armada Collective and have come to the attention of Swiss authorities for extorting “high value targets” in the recent past.
The Swiss government’s computer emergency response team said the group typically demands a bitcoin ransom and then demonstrates its capabilities with a brief DDoS attack, followed by a longer attack if the target does not immediately pay. Their emails usually say “Ransom note: DDOS ATTACK!”, according to the team.
ProtonMail said it “reluctantly agreed” to pay the ransom after being pressured to mitigate damage to other customers of ProtonMail’s ISP and data center, who were affected by the attack, but the attacks continued even after payment from ProtonMail. The email provider stressed that it was not breached, just disabled. “Even though access is limited, it’s important to note that our basic end-to-end encryption is strong and 100% intact. All user data is correct and secure.”
Yen said the attack was unlike anything seen in the country. “The attack on us was unprecedented for Switzerland, and the attackers destroyed an ISP and an entire data center just to bring us down,” Yen said. “The solutions to defend are also complex and will take time to implement.”