Posted on June 29, 2018 at 5:55 PM
A Large DDoS Attack Knocks Down ProtonMail’s Email Service
The long list of DDoS attack victims has a new addition: ProtonMail’s email service went down on multiple occasions, for a total downtime of several hours. The company claims that the attack differed from the usual, generic attacks, which made it difficult to deflect.
ProtonMail hit by a DDoS attack
DDoS attacks continue to plague online services and websites, and ProtonMail is their newest victim. An unusual series of attacks on the company took its email service down for several minutes on multiple occasions. In total, the service was down for several hours on June 27, and the company attributes this to the more complex nature of the attack.
ProtonMail is no stranger to DDoS attacks, and the email service is usually more than capable of dealing with them. This time, however, the attack was more complex, which caused additional difficulties for the company’s protection service.
Our network has been under sustained attack this morning. We are working with our upstream providers to mitigate the attack. Emails are delayed but will not be lost. Thank you for your patience.
— ProtonMail (@ProtonMail) June 27, 2018
According to the company’s statement on Reddit, the longest of the multiple outages lasted 10 minutes.
This is not the first time
ProtonMail experienced another large DDoS attack back in 2015, when it was still only a startup. Dealing with such a threat was a new experience for the firm at the time, and ProtonMail believed that paying the ransom would satisfy the hackers. Doing so drew a lot of criticism from the security industry, but it taught ProtonMail a valuable lesson: it needed to work on its defenses.
Since that first attack, the company has been quite successful in deflecting attacks, even though new ones have come on an almost daily basis. The newest attack, however, seems to have been different, and the company was taken by surprise. Bart Butler, ProtonMail’s CTO, even posted a tweet in which he stated that the company was a little slow to deal with the attack, which indicates that he is not exactly pleased with how things went.
We were actually a little slow this time. Sorry.
— Bart Butler (@BartCButler) June 27, 2018
Additionally, the company stated on Reddit that Radware is adjusting the DDoS protection so that incidents of this kind can be avoided in the future. As for the attackers, the company believes that they have ties to Russia, but admits that there is still no real measurement of the size of the attack.
What they do know is that the attack was 500 Gbps, which puts it among the largest recorded attacks to date. It was also much more sophisticated than the usual ones, according to Andy Yen, ProtonMail’s founder. He also promised to hand over any intelligence regarding the attacker to the relevant authorities to help with their investigation.
Despite Butler’s apology for the slow reaction, ProtonMail still managed to handle the attack relatively quickly. According to Yen, the attack continued throughout the day, but the company learned how to block it successfully, which allowed the service to return to full stability.
The hackers mocked ProtonMail on Twitter
Yen also stated that they still can’t say that they have ‘won’, considering that this kind of attack can drag on for days, but the company is managing to hold its ground. He stated that the reason for the attack is still unknown and that the attackers are not to be trusted, since they often claim one thing while their real reasons stay hidden.
The attackers did not stay quiet during this ordeal. Instead, they took to Twitter, where they continuously taunted the company and its officials. They seem to be a Russian hacking group that calls itself ‘Apophis Squad’, and they were quick to claim responsibility.
We're back you clowns.
— Bart Butler (@BartCButler) June 27, 2018
Yo @BartCButler Say sorry for calling us clowns and we will allow your network backup! (@ProtonMail & @ProtonVPN )
— APOPHIS SQUAD (@apophissquadv2) June 27, 2018
Just say sorry to us. Then we will let you backup! https://t.co/F0iSQ9SJXQ
— APOPHIS SQUAD (@apophissquadv2) June 27, 2018