Skip to main content

ProtonMail DDoSed, asked for ransom

ProtonMail, an encrypted e-mail service provider, was hit by what seems to be two separate DDoS attacks, forcing the company offline. One of the two assailants even asked for ransom, but once it was paid, the attacks didn’t stop.

The ransom was 15 bitcoin, or £3,666.

“ProtonMail is likely under attack by two separate groups, with the second attackers exhibiting capabilities more commonly possessed by state sponsored actors,” the company said. “It also shows that the second attackers were not afraid of causing massive collateral damage in order to get at us.”

The cause of the attack is unknown, although the company’s co-founder believes it might have something to do with dissident groups using the service.

“We are still poring over the evidence and will be working with the Swiss federal cybercrime unit,” ProtonMail co-founder Andy Yen told the Guardian, adding that the source of the second attack had not yet been conclusively determined. Yen also said that he knew of “several dissident groups who are actively using ProtonMail”, and are based in countries known for hacking attacks.

“But we know after speaking with the experts that came to our aid that there are few groups capable of carrying out an attack of this size and sophistication. This is likely the biggest and most sophisticated DDoS attack to ever occur in Switzerland,” Yen said.

In a statement regarding the attack, the company said the attack was “unprecedented in size and scope”. However, its data is safe.

“Even though access is limited, an important thing to note is that our core end-to-end encryption holds strong and is 100% untouched. All user data is fine and safe.”