Comment by hocuspocus

10 years ago

From their blog: https://protonmaildotcom.wordpress.com/

At around 2PM, the attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself. The coordinated assault on our ISP exceeded 100Gbps and attacked not only the datacenter, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the datacenter and the ISP, which impacted hundreds of other companies, not just ProtonMail.

At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y. This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it, taking into consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. This was clearly a wrong decision, so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom.

They put their customers in charge of the company? This gets weirder all the time. The problem is that they asked their customers in the first place. They should have simply communicated the fact that they would be under attack shortly and indicated that they would never ever pay a red cent.

That would give their customers time to batten the hatches and/or migrate off the system for the time being while sending a clear signal that they would not pay anyway.

This is a tough situation to be in but putting your customers in control of the company (and in a democratic way no less) is not the solution. What about those customers that decided (rightly imo) against paying?

Companies such as these should have an up-front item in their terms of service indicating that they would never pay a ransom; that way they would be clear to both their customers and their potential attackers.

  • "This was a collective decision taken by all impacted companies"

    I think they were put under pressure by other companies using the same ISP, not their customers.

    • That's even weirder. They have obligations to their customers, not to their neighbors in the same DC; that's the territory of whoever handles their hosting.


  • ProtonMail can't be trusted with any decisions about its business going forward, no matter how good their service (of which I still have doubts anyway). I mean, who knows what kind of compromises they will make next if they get "pressured" by the government or whoever to put a backdoor in their service.

    • I always find that the best way to make a decision about who to trust is on the basis of a brief article by a third party that, in a 2 minute read, covers high pressure events that spanned many hours. Even better if you throw in some highly informed opinions by random people in an online community. It's a very reliable way to decide on important things like trust.