ProtonMail pays Bitcoin ransom to stop DDoS attack then is attacked further

Distributed denial of service (DDoS) attacks with extortion demands for payments in Bitcoin to stop them are becoming more and more popular in 2015, but what happens if you give in and pay the ransom?

Switzerland-based email service provider ProtonMail (Proton Technologies AG) has found out the hard way that paying the ransom doesn’t work, after the company experienced multiple DDoS attacks and paid the ransom.

The company was hit by its first DDoS attack on November 3, complete with a now-usual email preceding it that warned it would happen if a payment was not made; after the first attack resulted in the website being offline for fifteen minutes, a second attack on November 4 was described as being more sophisticated and intense.

After the company took steps to mitigate the attacks with its datacenter and its upstream provider, the attack went further: “The attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself,” ProtonMail wrote in a blog post.

“The coordinated assault on our ISP exceeded 100Gbps and attacked not only the data center, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the data center and the ISP, which impacted hundreds of other companies, not just ProtonMail.”

Given the impact of the attack on other companies, the company explained why it paid the money demanded, writing, “At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.”

“This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless.”

As previously mentioned, this is where things didn’t go as planned.


“This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom,” the company added as attacks continued after they made the payment, although there is some suggestion that the later attacks may have come from a different group who had heard that the company was willing to pay up to stop them.

Lesson learned

Giving in to cyber extortion of this kind simply encourages further attacks, not just on the company targeted but on other companies as well, as it confirms to the people behind these attacks that payment may be forthcoming.

The only positive out of this is that ProtonMail has been highly transparent about what has occurred and where it stands now.

“At present, ProtonMail’s infrastructure is still vulnerable to attacks of this magnitude, but we have a comprehensive long-term solution which is already being implemented,” the company noted.

The moral of the story is simple: don’t pay ransom demands, no matter how bad the DDoS attacks get.

Image credit: quinnanya/Flickr/CC by 2.0
Duncan Riley

Duncan Riley is a senior writer at SiliconANGLE covering Startups, Bitcoin, and the Internet of Things.

Duncan is a co-founder of VC funded media company B5Media and founder of news site The Inquisitr, and was a senior writer at TechCrunch in its earlier days.

TheBitcoinNews.com – leading Bitcoin News source since 2012