To be honest, I’ve read an awful lot about DDoS attacks this year. They seem to be gaining in popularity, especially when paired with a (BitCoin) ransom demand. And honestly, who wouldn’t be tempted to pay a relatively small ransom in order for their business page to work again without interruption and save a lot of money in the process?
That’s what the Swiss email service provider ProtonMail thought when they decided to pay the ransom to a group of cyberciminals who were attacking them and who were allegedly also responsible for a string of other DDoS attacks all over Switzerland.
According to their blog they first received a blackmail which was quickly followed by a DDoS attack. It took them offline for 15 minutes.
“We did not receive the next attack until approximately 11AM the next morning. At this point, our datacenter and their upstream provider began to take steps to mitigate the attack. However, within the span of a few hours, the attacks began to take on an unprecedented level of sophistication”, the blog goes on. “At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself.”
It comes as no surprise that they were also placed under pressure by third parties at this point, so they “agreed to [pay the ransom] at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. “
The DDoS attacks didn’t cease though: “This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom.”
The above example should be a warning to everyone who thinks that paying ransom will be the solution, be it to stop DDoS attacks or decrypt your personal data in a case of ransomware. It will almost never end there.