A provider of end-to-end encrypted e-mail said it paid a ransom of almost $6,000 to stop highly advanced denial-of-service attacks that knocked its networks, and the networks of some of its upstream providers, offline.
In a blog post published Thursday, officials of Switzerland-based ProtonMail said they "grudgingly agreed" to pay 15 bitcoins, which at current valuations came to about $5,850, to the attackers in exchange for them halting the assault. Even after paying the sum, however, crippling attacks continued, although at the time the blog post was being written, they had subsided. The ransom payment is generating protest from critics who say it will only encourage more attacks. ProtonMail officials wrote:
We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.
The campaign began shortly after midnight on Tuesday, when ProtonMail received an extortion e-mail from a group of criminals said to be responsible for a string of DDoS attacks across Switzerland over the past few weeks. The message was soon followed by a distributed denial-of-service attack that lasted for about 15 minutes. The attack resumed at 11 a.m. the same day and was already showing "an unprecedented level of sophistication." By 2 p.m., the flood of junk traffic reached volumes of 100 gigabytes per second and began targeting ProtonMail's datacenter and upstream providers, including routers in Zurich, Frankfurt, and other locations where the ISP has nodes.