
Comment by onewaystreet

10 years ago

This is the first case I've seen where a digital blackmailer didn't follow through with their promise. It's bad for business for them to renege, as it increases the chance that their next victim won't pay.

I have no idea how to verify the statements, but I found some comments on the blockchain.info page for the bitcoin address regarding the DoS. It is supposedly from the blackmailers: https://blockchain.info/address/1FxHcZzW3z9NRSUnQ9Pcp58ddYaS...

"Somebody with great power, who wants ProtonMail dead, jumped in after our initial attack!" "We have no such power to crash data center and no reason to attack ProtonMail any more!" "WE DO NOT HAVE THAT POWER! NOT EVEN CLOSE!" "We are not attacking ProtonMail! Our attack was small, directed at their IP only and lasted 15 minutes only!"

I don't believe Protonmail have said they have received any more requests for money, so that would go along with the above. I agree that it was silly to pay the blackmailers, but there is some reason to believe that these are two separate attacks.

  • Verified. ProtonMail received no additional requests for money. And, those are the attackers' words. The original attackers claim they stopped. They hit many other Swiss companies and stopped after they were paid, as well. They are screwed now (and seem to be panicking a bit) because the size of the secondary attack was enough to knock a portion of Swiss internet infrastructure offline, anger some high-profile businesses (including banks), anger the Swiss Government, and cause the matter to become a high-profile case for Europol.

The original DDoSers actually did honor the ransom and stop their attack. However, another group started hitting them after the ransom was paid. Probably because they just advertised themselves as people who will reward DDoS attacks.

  • Of course. That's what any clever criminal would do: if they pay up once, chances are they'll pay up again. My ISP was hit like this a few months ago and sent out an email outlining the situation to their customers before the second wave began, to give us a heads up, and very clearly stated they had absolutely no intention of paying, whatever would happen. That's the only acceptable stance, and I as their customer fully supported them in this decision and would have left if they had decided otherwise.

    Props to cloudflare for standing by to help out in that particular instance, absolutely fantastic.

The article states that it was most likely two different attackers, due to the different methods used and the blackmailer denying responsibility for the continued (unsophisticated) attack.

I'm not sure what to think, but I can easily understand why they did pay. It's easy for others to say what would be best for the industry, but when you are the one suffering and your ISP is angry at you, and you can pay a small sum to (possibly) make the problem go away, your opinion will change.

From what it seems, there were two DDoSers. The ones they paid did stop DDoSing, but the other one is unknown and is still doing it. The first one did contact them and tell them that they had already stopped DDoSing.

I think the most likely scenario is actually that the blackmailers are outsourcing the DDoSing, so there was a communication delay and/or there is some latency/delay when issuing commands to the botnet.