ProtonMail Endures Massive DDoS Attack


Takedown of secure email service indicates many more mail vendors might be at risk.

Swiss secure email provider ProtonMail went offline with a pair of massive denial of service attacks that took down the service for several days. Attacks began in the night of November 2 and service was finally restored on the morning of November 8 after the company had rebuilt large parts of its internal infrastructure.

Experts piecing through the evidence now say the attack came from two different sources. The first phase was a criminal ransom attack, demanding payment of 15 BTC (around $5500). ProtonMail ignored the demand at first but later paid under pressure from other businesses experiencing collateral damage. Soon after the payment, another attack started, which the security team assumed was the ransomers gunning for more, but after three days, it became clear that the second attack showed marks of a much more sophisticated enemy. According to the ProtonMail blog post, the second attack “caused the vast majority of the damage, including the downing of the data center and crippling of upstream ISPs, exhibiting capabilities more commonly possessed by state-sponsored actors.”

The second attackers never made any demands but simply seemed to want to take ProtonMail offline. A group called the Armada Collective later claimed responsibility for the first attack and denied responsibility for the second onslaught.

ProtonMail calls itself the “world's largest free private email service,” and its customers include journalists and activists in several authoritarian countries who use the service to avoid the watchful eyes of governments. Many experts believe a state-sponsored entity wished to intimidate, or possibly bankrupt, ProtonMail by launching the second attack, and they saw the first attack as an opportunity to launch their assault through a cloud of confusion. Luckily, community power slipped into the gap. ProtonMail raised over $57,000 in just a few days through the ProtonMail Defense Fund to rebuild their infrastructure and retool their systems to resist further attacks.


Related content

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>


		<div class=