back to article ProtonMail pays ransom to end web tsunami – still gets washed offline

After a crushing distributed denial-of-service attack against its servers and ISPs, secure email service ProtonMail has paid the ransom demanded by its attackers. The Swiss firm was promptly smashed offline again. "We were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do …

  1. Mark 85

    They have obviously pissed off someone with deep pockets and large amount of assets at their disposal. If not a state, then who else could pull this kind of sustained and changeable attack?

    1. Lee D Silver badge

      Any kid with a botnet vained from a virus-making kit.

      Honestly, 15 year old are breaking into TalkTalk servers and stealing data. It doesn't need state levels of hardware to pull off a DDoS

      1. Alan Brown Silver badge

        "Any kid with a botnet vained from a virus-making kit."

        It reminds me of a replay of the IRC wars back in the late 1990s.

        Once the script kiddies established they could make the IRC server owners do what they want, they proceeded to DDoS those who had the temerity to stand up to them. Several companies went under as a result.

        Of course back then, the "law" didn't want to know about it until some of the kiddies went too far and took it into real life. One of them ended up with a very long stay indoors after attempting to murder the FBI agent investigating his antics.

        Relevance? Many of those script kiddies then are the hardened cyber criminals now.

    2. streaky

      Literally any 12 year old. The internet is such that this sort of thing is fairly easy.

      I wouldn't even consider starting such a service without being able to handle at least 5x that out my own coffers - due to my personal feeling is it's just not ethical - 100gbit is fairly tame by modern standards and if a state wants you offline they'll fire way more at you.

      I'm not saying it isn't a state but seriously, paranoia isn't useful. Go ask Arbor for help.

  2. Anonymous Coward
    Anonymous Coward


    Tar, Feather and put them in the Stocks.

    Then pelt them with rotten eggs before taking them out the back and get them quartered.

    It is obviously the *** who don't want any encrypted email passing into their servers.

    1. HAL-9000
      Big Brother

      Re: Scumbags

      Yep, total c!"&ing scumbag f&c!e*z, only I don't care if they know my name.

  3. Danny 2

    GCHQ, j'accuse!

    The last ProtonMail tweet before the attack was critical of the UK government. "In another attack on human rights, the British government is trying to ban ProtonMail" While that is true, it does seem ill-advisedly political and self-promoting now, given that GCHQ have no sense of humour.

    The original hackers denied involvement in the second attack, saying in the bitcoin address used for the ransom demand, "We are not attacking ProtonMail! Our attack was small, directed at their IP only and lasted 15 minutes only! WE DO NOT HAVE THAT POWER! NOT EVEN CLOSE! We have no such power to crash data center and no reason to attack ProtonMail any more!"

    The BBC article carefully fails to mention the allegation of state-sponsored actors, instead victim-blaming for paying the original ransom. Paying the ransom was stupid, not least because it obscures the real story that this was a state hack - our state hack.

    One positive thing is that if GCHQ have to DDoS then they probably haven't been able to hack it.

    1. Ossi

      Re: GCHQ, j'accuse!

      The UK government is criticised on a constant basis, including by this website, but The Guardian still seems to be up after every critical article, and so do all the others.

      We don't know who carried out the second attack or why. That doesn't mean you should just make things up. That's not really a good way to understand the world. There are endless possibilities, and we have evidence for precisely none of them.

      1. Danny 2

        Re: GCHQ, j'accuse!

        The Guardian had a bizarre angle-grinder incident recently, in case you didn't notice, with some OTT threats to take them offline, and out of print, thrown in for good measure.

        I once mocked MI5 online once, a couple of years after I was wrongly blacklisted as a peace-protester. Guess what happened? I regret that mockery now, there are worse things than being blacklisted. They have no sense of humour, no sense of proportion when it comes to punishment.

        I've stated the three dots I am joining. Of course, maybe another 'three letter agency' is trying to frame GCHQ, and of course I have no proof. It might be a duck-billed platypus confusing me, but it is waddling, swimming and quacking like a duck.

      2. Anonymous Coward
        Anonymous Coward

        Re: GCHQ, j'accuse!

        "The Guardian still seems to be up after every critical article, and so do all the others."

        Forgot this episode did we?

  4. Anonymous Coward
    Anonymous Coward

    Business model?

    I wonder which state security services have had their funding cut recently.

    1. Mark 85

      Re: Business model?

      After the speculation by various governments in the news today about the Russian airliner.. I expect budgets will be rapidly ramped up. Even the Russians seem to be believing now.

  5. Alistair

    You see, she really *was* running her own mail server.

    and now, trying to move all her mail over to the new secure server.........


  6. Doctor Syntax Silver badge

    The ransom was probably just one of the NSA guys looking to make a bit of pocket money. No reason why they should stop their attacks.

  7. Anonymous Coward
    Anonymous Coward

    Thank you, ProtonMail..

    ..for paying, and so encouraging whoever is doing it to do it again, and again, and again. That is, after they leave for a while.

    Who needs a government sponsored attack when you reward criminals? Not that both cannot be the same in this case, but governments have far better means to throw nuts in their gears.

    1. Anonymous Coward
      Anonymous Coward

      Re: Thank you, ProtonMail..

      That, and also I wonder: if they are so quick to give in to a DDoS/blackmail, how long will it take if somebody comes and demands other things from them, like.. don't know... data on customers? Hypothetical of course.

    2. Anonymous Coward
      Anonymous Coward

      Re: Thank you, ProtonMail..

      If you check this story in detail you will discover that Protonmail was lent on heavily by 'third parties' to pay up. Hopefully the fully story will emerge in time.

      1. Anonymous Coward
        Anonymous Coward

        Re: Thank you, ProtonMail..

        If you check this story in detail you will discover that Protonmail was lent on heavily by 'third parties' to pay up.

        So these third parties wanted to ensure that fighting DDoS attacks become a frequent routine for ProtonMail? I can't see a quicker way to ensure the death of the service, especially one that is free and thus desperate for customer goodwill when they switch to a paying model.

        The sophistication of the attack suggests insider knowledge. One wonders if there were any US passport holders involved...

  8. Anonymous Coward
    Anonymous Coward

    State sponsored attack. You mean like the united states framing julian assange ? These guys will do anything to control the world , won't they ?

    It's time for little national internets that don't communicate with each other. This one big internet thing is just rolling over and dying , and we should abandon it.

  9. Your alien overlord - fear me

    If the initial attack was for only 15 minutes, what's the reason for paying? Most ISP's/web mail servers take that kind of hit and think nothing of it.

    It's their upstream ISP who should have anti-DDoS hardware in place to stop these floods. My ex-place of work had one. If a customer got hit, no one actually knew because the box o'tricks was in LINX where bandwidth is plentiful. It could block fake packets, corrupt packets etc. and just dropped them. This kind of box should be standard in every ISP (even the cheap ones).

    1. Danny 2

      It appears that ProtonMail understandably mistook the second attack for the first attack, and paid out the script-kiddies to stop the damage that the state-actor was doing.

      As the script-kiddies said later on their coin, "Public Note: Somebody with great power, who wants ProtonMail dead, jumped in after our initial attack!"

      1. allthecoolshortnamesweretaken

        So a third party monitored the first attack and deceided to get involved and launched the second attack? And given the size of the second attack probably not bored script kiddies, but someone with real resources? Hmm.

        1. Danny 2

          It is odd, I suspected the 'armada' were a front or a patsy, but maybe GCHQ had their number and just waited until they were useful. Or maybe one of their group was turned. Whatever, if I was one of those script-kiddies tonight I'd be very scared I'm suddenly paddling in the deep-end of the pool, next to a rather large fin.

  10. fcuktheregime

    Who is actually attacking ProtonMail?

    According to Akamai, attacks of script kiddie's who extorted ProtonMail peaked at 772 Mbps.

    It sounds like those script kiddies are using 1 dedicated server with 1 Gbps port to make floods.

    It's strong enough to ddos home connections and small servers, but 1000x stronger attack is needed to shut down 3 data centers + 3 or more email providers at the same time.

    1. Anonymous Coward
      Anonymous Coward

      Re: Who is actually attacking ProtonMail?

      It sounds like those script kiddies are using 1 dedicated server with 1 Gbps port to make floods.

      Sure, and they have a 1Gbps Internet connection to it?

      Come back when you know a bit more about wide area networking.

  11. Anonymous Coward
    Anonymous Coward

    Still also down:

    1. Anonymous Coward
      Anonymous Coward

      Yes, I noticed yesterday the front page of too. Interesting - that has been up since the 4th. Do these people not run backups? Security begins with running a decent IT shop.

      As for VFEmail, their servers are in the US which pretty much disqualifies them as usable - their MX records alone raise questions because it looks like 3 separate machines, but if you look behind the machine names you find one and the same IP address...

      1. Anonymous Coward
        Anonymous Coward

        My guess is that have posted a plausible excuse and not a reason.

  12. Anonymous Coward
    Anonymous Coward

    never give up

    Never surrender! My own European based privacy conscious email premium email provider refused to pay and have so far beaten the bastards off with relatively short interruptions of service. Proton did us all a disservice by paying a ransom (if they did -- it's possible they're actually trying to sting the attackers). In the meantime, I'm happy to stand in support of my provider's staff in defiance of these criminals.

  13. EJ

    So fail

    Paying crims didn't solve the problem? Wow - who could have anticipated that?

  14. Beornfrith

    I guess they've never heard of the Danegeld... At least, in being Swiss, they have an excuse.

    1. Doctor Syntax Silver badge

      "I guess they've never heard of the Danegeld"

      And that is called paying the Dane-geld;/But we've proved it again and again,/That if once you have paid him the Dane-geld/You never get rid of the Dane.

      1. khjohansen

        Re: the Danegeld

        All right - apart from the Danelaw, half our language, the fish and fur trade(...) - what have the Danes ever done for us?

        1. Aitor 1

          Re: the Danegeld

          Nothing!! ;)

      2. Alan Brown Silver badge

        When it comes to dealing with script kiddies, you don't draw a line in the sand and then keep stepping back to draw a new one when they charge over it.

        That tactic was tried 15 years ago and didn't work so well then either.

  15. Anonymous Coward
    Anonymous Coward

    Strudle eating surrender monkeys

    This is why I trust my private mail to Vikings.

  16. Anonymous Coward
    Anonymous Coward

    Paying the Ransom was not the worst part...

    If Protonmail paid the initial ransom in order to prevent critical damage, that's forgivable. What I would not forgive is an organization like Protonmail conceding to Governmental Coercion for the release of encryption keys, etc.

    It's obvious Protonmail did what it had to do and has since worked on a solution that would prevent this from happening again. I would suspect that the second, larger attack could have been a joint-venture between the NSA & GCHQ. In either case, I still trust Protonmail and the fact that it resides in a country outside of the 14+ eyes of worldwide mass-surveillance, might also be why both state-sponsored actors wanted a piece of that action.

    In either case, my information is still safer with Protonmail than most any other email service providers out there and I sure as hell am never going back to using Google's bull***t system with it's privacy-violating data-services and SaaS Cloud infrastructure.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like