ProtonMail, one safes email service based in Switzerland and is known for encryption offering on the basis of Swiss laws and protecting its clients against the NSA, receives a massive DDoS attack, although it has already paid € 5.500 as a ransom.
According to Protonmail, the assault began at 3 November, and at the same time her employees received a ransom note from a hacking group known as Armada Collective.
The hacking team, using the same tactic as the corresponding hacking team, DD4BC, threatens companies around the world with DDoS attacks, unless they pay a ransom to Bitcoin.
ProtonMail initially ignored the message, and so that same night launched an attack that managed to bring down the service offline for 15 minutes.
A second attack followed the next day around 11 am, but PrtonMail said its provider took the appropriate steps to alleviate the DDos attack.
At this point, things started to become a little 'strange'. A few hours later, as ProtonMail explains, attacks have increased unexpectedly in both complexity and bandwidth, reaching over 100 Gbps, and also targeting the weak points of its ISP provider's infrastructure. This was done around 14: 00.
At 3: 30 pm, after 90 minutes of shutdown time for all ISP systems, and after the provider faced pressure from other businesses affected by the DDoS attack, ProttonMail decided to pay Armada Collective ransom.
Despite this ransom payment, the DDoS attacks continued to the ISP, which is offline offline at regular intervals depending on the incoming DDoS traffic.
ProtonMail reports that after paying the ransom and following further e-mail exchanges with hackers, Armada Collective has denied any responsibility for the second wave of more sophisticated attacks.
ProtonMail, a service providing secure e-mail for dissident and anti-government journalists from many countries, now suspects that the second wave of attacks is being carried out by a state-sponsored group that saw the perfect opportunity to shed the company without turning suspicions on her.
ProtonMail today plans to migrate its services into a more advanced infrastructure with built-in DDoS attack mitigation systems. This move will probably be betting so the company has opened a donation account at GoFundMe, called ProtonMail Defense Fund.