ProtonMail, a Switzerland-based provider of private email services that started back in 2010 after it received over $2 million in funding to bring encrypted communications to the “mainstream,” has survived a second round of Distributed Denial of Service (DDoS) attacks orchestrated by hackers.
As we previously reported while the attacks were still underway, the company paid a ransom in bitcoins in order to stop the first round of attacks, only to be hit by a second, much more damaging wave that impacted dozens of other companies.
The second wave of attacks was described by ProtonMail as “the largest DDoS attack in Switzerland” — one which prompted a group effort against the attacks, including a variety of Switzerland-based companies that were also knocked offline as a result of the cyber-attacks.
It was originally believed that after ProtonMail paid the ransom to the hacker group, known as Armada Collective, the group continued to wage an attack on the mail service in an attempt to render it inaccessible to its users. ProtonMail has since revealed that a second, unrelated group was behind the second wave of attacks.
In a statement made to Immortal News, Andy Yen, co-founder and CEO of ProtonMail, said that the Armada Collective was “surprised” by the second wave of attacks. As they were unprepared for that type of exposure, the group immediately reached out to ProtonMail to let them know that they weren’t responsible.
“In this case, we honestly believe the first group of attackers didn’t know the second group was prepping for an attack so when the second attack hit, the first group was as surprised as us. The second attack made this a serious criminal investigation and the first group wasn’t prepared for that type of exposure. That’s why they immediately reached out to deny responsibility.”
The Armada Collective, which originally extorted $6,000 out of ProtonMail to cease DDoS attacks on the service, has since paid some of the money back, according to Yen. “Not only did the first group honor the ransom, they even paid some of it back when they saw how serious the second attack was”, he explained.
Yen said that the team behind ProtonMail had concerns about paying out a ransom to the hacking group since the attackers would then have an incentive to conduct repeat attacks. Ultimately, the decision to pay the ransom was made by the group of companies impacted by the DDoS attacks, a decision ProtonMail was against but still agreed to facilitate when the other companies determined it was the best course of action. “The cost was jointly absorbed with the other impacted parties”, he said.
The $6,000 extorted from the companies involved is just a drop in the bucket compared to the amount of money ProtonMail plans on spending to prevent these types of attacks in the future. “We have expended approximately $40,000 so far on defending this attack”, Yen told us. Next year, between $60,000 and $100,000 will be allocated towards the provision of advanced protections that will hopefully deter future attacks of this nature.
Forbes reports that other encrypted email services such as Hushmail have been targeted by DDoS attacks and extortion. They also found comments made by Armada Collective in reference to the second attack made on the service, saying “Somebody with great power, who wants ProtonMail dead, jumped in after our initial attack! We have no such power to crash data center and no reason to attack ProtonMail any more!”
ProtonMail’s reaction suggests that not only have the attempts to cripple this advocate of online privacy failed, they may have inadvertently put the company on a new path to an even higher level of security for its users.
“By attacking the world’s largest free private email service, the attackers sent a message that they did not want online privacy to succeed. However, we have now sent them back an even stronger message, that online privacy is here to stay.”
In a message sent out earlier today, ProtonMail thanked its supporters and provided an update on the situation. At the time of this writing, attacks are continuing, but are no longer capable of knocking the service offline thanks to contracted DDoS prevention services from IP-Max and Radware.
The company’s high-level security precautions prevented their data from being breached, even as the attacks took services offline. ProtonMail says that, while there may still be intermittent interruptions over the next few days, all services are back up and operational.
It has been one week since the attacks on the promising email startup began, and their team has worked tirelessly around the clock to see the problem resolved. They also give credit to IP-Max and Radware, leaders in blocking DDoS attacks, for not attempting to exploit ProtonMail’s situation to charge exorbitant prices.
Through its partnership with IP-Max and Radware Security, ProtonMail is confident that it is even safer and more secure than before. Not only has it overcome these attacks, but it can now resist others like them in the future. Additionally, the attack has brought the community of ProtonMail users closer together. In just three days, the ProtonMail Defense Fund has gathered $50,000, a testament to the loyalty of users and the dedicated service that ProtonMail provides.
In the coming weeks, ProtonMail will be working with experts to analyze the available data to see if it can be determined who is behind the second attack. Though it is currently not known who is responsible, the company said that the strength and sophistication of the attacks are “more commonly possessed by state-sponsored actors”.