On Nov. 3, Switzerland-based encrypted email service ProtonMail was the victim of an "extremely powerful distributed denial of service (DDoS) attack," which forced the service to go offline.
The perpetrators asked for a hefty ransom in order to stop the digital siege and ProtonMail reluctantly complied.
The company explains in a blog post that it chose to send the demanded 15 Bitcoin (worth around $6,000) to the hacking group because other firms that shared ProtonMail's ISP were collateral victims.
"[Q]uite unprecedented in size and scope" was how the encrypted email service provider described the attack.
ProtonMail stated that a ransom demand arrived on Nov. 3, close to midnight, before the first cyber-attack started. The second attack followed during the morning of the next day, and it was then that ProtonMail's data center and its Internet provider started to block the malicious action.
"However, within the span of a few hours, the attacks began to take on an unprecedented level of sophistication," the company underlines on its blog. The facts show that the afternoon attack targeted the infrastructure of the ISP, as well as the datacenter of ProtonMail.
Routers from Frankfurt, Zurich and other places were victims of the DDoS attack, the blog post further points out.
"The coordinated assault on our ISP exceeded 100Gbps," ProtonMail says.
The cyberattack affected essential pieces of infrastructure, leading to the shutdown of the ISP and the datacenter. The digital assault affected hundreds of businesses that shared the same ISP with the encrypted email service.
At 3:30 p.m. Geneva time, the company decided to pay the ransom to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. It hoped that by doing so, the relentless hostilities would cease – they did not.
ProtonMail believes that the perpetrators were not one, but two entities. While the first, the self-styled "Armada Collective," is probably just a hacking group, the second might be a state-sponsored actor.
There were two clear stages in the ProtonMail attack. The first was a volume-based digital strike that focused on the company's IP addresses. The second stage was more complex: it sought out and hit weak points in the infrastructure of the company's ISPs.
One simple reason why ProtonMail would be cyber-bullied is that it offers end-to-end encrypted email.
"[I]t is clear that online privacy has powerful opponents," ProtonMail underlines. The company issued a call for funding to protect itself against such attacks. The crowdfunding campaign aims to raise $100,000 per year for the necessary expenses.
On Friday morning, Nov. 6, ProtonMail was again slammed by unknown perpetrators and was sent offline.