ProtonMail has been fighting a series of Advanced Persistent DoS (APDoS) attacks, which have exceeded 100Gbps, and numerous attack vectors, that have shut down their secure email service, their ISP and every other company in their data center. The first attacker, the Armada Collective is a new hacking group motivated by financial gain who demanded a ransom from the company. The second attack came from an unknown group. This second attack caused the bulk of the damage.
Andy Yen, CEO of ProtonMail states, “Their sole objective was to take ProtonMail offline, at any cost, with no regards for collateral damage, and to keep us offline for as long as possible. The attack significantly disrupted our infrastructure and made email access impossible. This impacted over half a million users worldwide, including many journalists, activists, and dissidents who are active on our platform.”
The Swiss-based secure email provider has selected Radware’s
Attack Mitigation System (AMS) to help it take control of the situation and regain control of the mail service. Radware’s AMS technology can accurately detect and mitigate emerging network attacks without the need for human intervention and without blocking legitimate user traffic, complemented by real-time reporting and monitoring. Radware began working with ProtonMail on November 8th as part of their Emergency Response Service and service was restored shortly after.
Carl Herberger, Vice President for Security Solutions at Radware, says that corporations need to understand the severity of the Advanced Persistent DoS attacks, such as SMTP DoS, and review their security measures: "APDoS is akin to the way bomber aircraft would jam radar systems many years ago – the type of attack is so varied and frequent that it becomes near impossible to detect them all, and more importantly difficult to mitigate them without impacting your legitimate web traffic. This technique will become a staple in the hacker’s armoury. The threat is real. It is vital that organisations equip themselves with the real-time detection and mitigation solutions that are capable of withstanding sustained attacks without impacting the service expected by customers.”
Yen further explains, "In order to mitigate the DDoS attack against us, we partnered with Radware, one of the world's premier DDoS protection companies. In Radware, we found a solution that was capable of protecting ProtonMail without compromising email privacy. Given the magnitude of the attack we faced, we knew that we would have to work with the best, and Radware's BGP redirection solution fit our requirements. During our hour of need, there were many companies who attempted to charge us exorbitant amounts, but Radware offered their services at a reasonable rate in order to get us online as soon as possible. With Radware DefensePipe, we were finally able to mitigate the attack on ProtonMail."
Radware’s 2014/2015 ERT Report reveals that 16.3% of cyber-attacks are motivated by ransom. Herberger adds, “Companies under cyber-attack should strongly consider whether or not they should pay the ransom demand. In this situation, they should consult their security experts to check if the attack is genuine and put in place proper mitigating measures.”
