ProtonMail comes back online, shores up DDoS defenses

10.11.2015
ProtonMail, the Switzerland-based encrypted email service, has found its footing again after a wild ride over the past week.

The free service has said it was hit by two different groups using distributed denial-of-service attacks (DDoS) that took it offline.

Now it has partnered with Radware, which offered its DDoS mitigation service for a "reasonable price," allowing service to resume, ProtonMail wrote in a blog post on Tuesday.

"The attackers hoped to destroy our community, but this attack has only served to bring us all together, united by a common cause and vision for the future," the company wrote.

The first group of attackers, which call themselves the Armada Collective, asked ProtonMail for a ransom in bitcoin before launching attacks early on Nov. 4.

The Swiss Governmental Computer Emergency Response Team warned in September about blackmail attempts by the Armada Collective. They tend to launch a demo attack while demanding 10 or 20 bitcoins, and larger attacks follow if the ransom isn't paid. 

Controversially, ProtonMail paid the ransom. The company wrote in a blog post that it was under pressure from other companies to pay it in order to stop the attacks.

However, ProtonMail later edited the blog post, writing that paying "was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will never pay another ransom."

The second group's attack on ProtonMail had wide-ranging effects on its service providers and other companies, which also were knocked offline. The 100Gbps-attack brought down ProtonMail's ISP, including the ISP's routers and data center.

ProtonMail suspected that the second group might be state-sponsored hackers because of the severe damage inflicted. Bizarrely, the Armada Collective told ProtonMail it wasn't responsible for the second set of attacks.

By Sunday, ProtonMail began recovering. An ISP, IP-Max, set up a direct link from ProtonMail's data center to a major Internet connection point in Zurich in less than a day, it wrote. Level 3 Communications lent a hand with IP transit.

An appeal for donations to put in better protections against DDoS has netted $50,000 so far as well. ProtonMail's service is free, but eventually it plans to introduce paid-for premium options.

ProtonMail is now using Radware's DefensePipe, a cloud-based service. Other companies, ProtonMail said, offered their services but "attempted to charge us exorbitant amounts."

ProtonMail offers a full, end-to-end encrypted email service and has more than 500,000 users. Although it has been possible to encrypt email for decades, interest has increased since documents leaked by former U.S. National Security Agency contractor Edward Snowden showed massive data-collection operations by western spy agencies.

Jeremy Kirk

Zur Startseite