If you or someone you know has experience with mitigating enterprise
level DDOS attacks, we welcome your expertise. You can contact us via
the following addresses:
Andy Yen:
andy.l.yen [at] cern [dot] ch
Jason Stockman:
hello [at] jasonstockman [dot] com
Secure email with no compromises, brought to you by CERN and MIT scientists.
They are a small tech startup, so I doubt they saw this coming, so I'll give them the benefit of the doubt. I was surprised to see that I couldn't log in to Protonmail today.
Cloudflare has had a shit ton of experience protecting against DDoS and are the affordable experts. Black Lotus is more for larger businesses and might be out of their budget, but it would mean not changing hosting servers.
Judging by the thread, they must have used amplification attacks against the ISP and data center. The power they're stating is not that far out of reach these days.
It reads as if they were "encouraged" to pay by 3rd parties also hindered by the DDoS. I would guess that some other companies also use the same ISP (banks? gvt?) so that those 3rd parties wanted their shit to work again.
Yeah. Sounds like they were DDoS'd by two different parties, though. The ransom was for the first DDoS, so the ransom they paid didn't even affect the worse one, which was affecting the other businesses.
@LIFE I highly doubt that. They say that the solutions require $100k a year, and they ask for $50k, which I'm assuming is not even as much above the first attack, which sounds like it wasn't even that much of a problem, at least, not as much compared to the onslaught they received. Other companies were losing a lot of money that was probably greater than the amount of the ransom, and they didn't know that the ransom was not for the greater range of attacks.
The second attack was 100Gbps, clearly from some state-sponsored group or from an organization with big resources, but I have this feeling that the second attack wasn’t only for ProtonMail. Maybe I'm wrong and I see conspiracies xD
I can't believe they paid the ransom. It didn't occur to anybody from their team that the DDOS could continue even after the money has been paid. Seriously?
It wasn't the same attackers. They were being DDoS'd by two different parties, according to the attackers that sent the ransom. They were also pressured to pay the ransom by certain companies due to the effect that the DDoS had on those that shared their ISP and datacenter (including banks and other cost-critical businesses). This was touched on by the above posts.
They announced not too long ago on their Twitter that one of their engineers was leaving to pick up some important-sounding hardware. Hopefully they'll be fully operational again by the end of the weekend.
The thing with DDoS is that you can only mitigate it IF you have a bigger pipe than the traffic that is poured over your service. Even if you have the hardware to withstand the rapid session opening and millions of packets, if your uplink is all saturated, then your servers are safe but your service is not. You get into BGP session breakdowns and all sorts of other issues.
The only real protection is through services like Cloudflare. You can upload your certificate and maintain the HTTPS connection to your service.
So, yes, Protonmail does not need staff, they need a service :)