Have you ever been a target of DDoS attacks where the attackers demanded bitcoin ransom? Did you pay? How did it work out for you? If you have not come across such situation, that’s good. If you did come across such situation and everything worked out well for you in the end, even that’s good for you. However, if you ever come across such situation, then paying ransom may not be the best idea. ProtonMail has learnt it the hard way.
The Switzerland based email service provider, ProtonMail was a victim of coordinated distributed denial of service on November 3, leading to the site going offline for close to 15 minutes. The initial attack was accompanied by a ransom email demanding bitcoin. The second wave of attack ended up causing more damage than the previous one by taking down the servers and nodes used by ProtonMail, forcing them to pay the ransom to ensure that the other companies sharing IT infrastructure with ProtonMail are not affected.
The company has now come to repent their previous decision to pay ransom as the attacks have continued in spite of paying the ransom. In a blogpost, ProtonMail has explained that the company had to forcefully take the decision to pay ransom after pressurized by third parties to do so. The third parties included other affected companies sharing the IT infrastructure or using ProtonMail’s services.
ProtonMail has explained that it was never its intention to pay ransom and it still is not. They believe that by paying ransom, they might have attracted other attackers who believe that they can easily extort money from the company and launching their own attacks.
The company seems to be dealing with their predicament effectively while being transparent at the same time. The company has also stated that it has a long term strategy now planned out and implemented which will enable them to handle such attacks more effectively in the near future.
If you want to turn this intenet bane into a boon, you can support ProtonMail by contributing to their crowdfunding campaign here and help them continue offering their email service.