FastMail falls over as web service extortionists widen attacks and up their prices
Concerted assaults on five providers and counting
FastMail has become the latest web services company to get taken down by distributed denial of service (DDoS) raiders who are trying to extort Bitcoins in exchange for internet access.
The company reports that its servers were down briefly in a DDoS attack on Sunday 8 November, after the people responsible contacted the company with a ransom demand, asking for 20 Bitcoin (worth around $7,500) to make the assaults go away. Another attack occurred on Monday.
"First of all, we would like to make one thing clear. We do not respond to extortion attempts, and we will not pay these criminals under any circumstances," the firm said in a blog post.
"We have dealt with DDoS attacks before, and have recently been strengthening our defenses to deal with such issues. However, there is still a chance that the attacks will cause some disruption for our users, so we are publishing this as an advance warning and to give as much information as we can on what to expect."
The news comes after ProtonMail suffered a similar extortion attack, although in that case the marauders were only asking for 15 Bitcoin. Under pressure from companies caught up in the attack, ProtonMail paid up, but that didn’t stop the assaults coming in thick and fast on the firm.
The two companies are not the only ones to be targeted by the DDoS extorters. From November 4 through 6, Runbox was hit by multiple DDoS attacks from a group calling itself the "Armada Collective," also accompanied by extortion demands – although the group later dropped its request for payment and apologized.
On November 4 cloud office applications provider Zoho was also hit and the attack came with a ransom demand. Zoho spent the next six days fighting to keep its servers online. A day later secure webmail firm Hushmail came under a money-with-menaces DDoS attack, which is still ongoing.
Police in Europe are currently searching for the group or groups behind the assaults, but it's going to be a tough job – DDoS attacks are easy and quite cheap to organize. In the meantime, the tech industry is holding firm and not paying up, unlike certain US police forces. ®