Swiss email firm pays $6000 ransom to hackers

Nov 9, 2015 | Email marketing, Regulation

A secure-email firm, based in Switzerland, has paid a ransom of $6000 (£3,600) after web attacks crippled its website. The hi-tech criminals behind the web attacks said the payment would stop the deluge of data hitting the site. But despite paying up, the web attacks continued, leaving Protonmail struggling to operate. It has now launched […]

A secure-email firm, based in Switzerland, has paid a ransom of $6000 (£3,600) after web attacks crippled its website.


The hi-tech criminals behind the web attacks said the payment would stop the deluge of data hitting the site.
But despite paying up, the web attacks continued, leaving Protonmail struggling to operate. It has now launched a fund-raising drive to raise cash to tackle any future attacks.
In a blog post published Thursday, officials of Switzerland-based ProtonMail said they “grudgingly agreed” to pay 15 bitcoins, which at current valuations came to about $5,850, to the attackers in exchange for them halting the assault. Even after paying the sum, however, crippling attacks continued, although at the time the blog post was being written, they had subsided. The ransom payment is generating protest from critics who say it will only encourage more attacks. ProtonMail officials wrote:
We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.
Post-attack analysis suggests Protonmail was targeted in two phases, the company said. The first aided the ransom demand but the second was “not afraid of causing massive collateral damage in order to get at us”.
Switzerland’s national Computer Emergency Response Team (Cert), which helped Protonmail cope, said the attack was carried out by a cybercrime group known as the Armada Collective. This group has also targeted many other Swiss web companies over the last few weeks, the team said.
It said anyone who received ransom email should not pay up. Instead, they should talk to their ISPs about the best way to defend themselves against attacks.
Protonmail said that despite its work to harden itself against attack, it was still vulnerable to DDoS data deluges. It said it planned to sign up with a commercial service that can defend against the attacks but this would be likely to cost it more than $100,000 (£66,000) a year. It has started a fund-raising drive to gather the cash to pay this fee.
“We are fighting not just for privacy, but for the future of the internet,” it said.