New DDoS Attack Friday

November 6th, 2015  |  Published in News  |  32 Comments

We are currently being attacked again, and are working with our partners to deflect the attack. At the moment our email services are inaccessible.

We greatly appreciate your support and will do everything we can to resume normal operations.

If you can’t reach our regular websites, please see and for updates.

UPDATE 18:30 CET: We are partly back online after putting in place new countermeasures.

UPDATE 19:15 CET: Our email services are currently inaccessible and we are working to mitigate the attacks.

UPDATE 19:25 CET: Email services partly online again.

UPDATE 19:50 CET: Some of our customers will have intermittent access while we implement various measures. We can’t provide any details about these, but it’s a fairly busy day at Runbox. We greatly appreciate your understanding and support while we fend off these attacks.

UPDATE 23:26 CET: We are starting to open up services again for the time being. There will be an incoming mail queue. Thanks again for your understanding.

UPDATE 00:13 CET: Services are returning to normal now. There will be an incoming mail queue for a while. Thanks again for your patience and understanding.

UPDATE 01:46 CET: Services are continuing to return to normal now. There will be incoming mail delays for a while as external mail servers that tried to deliver mail earlier try again. Thanks once more for your patience and understanding during the last few hours.

UPDATE 08:45 CET: Services are currently running normally.



  1. Kamil says:

    November 6th, 2015 at 18:08 (#)

    Thanks for the update, keep up the good work!

  2. Kim@RunboxSolutions says:

    November 6th, 2015 at 18:23 (#)

    Thanks, Kamil!

  3. Jane Cooper says:

    November 6th, 2015 at 18:23 (#)

    Fully support how you’re dealing with these atrocious attacks, even if it means being without email for a while – don’t give in to the bastards.

  4. Julie Voeck says:

    November 6th, 2015 at 18:28 (#)

    Really appreciate the updates – thanks


  5. Geir says:

    November 6th, 2015 at 18:35 (#)

    Thank you, Jane!

  6. L says:

    November 6th, 2015 at 18:40 (#)

    Damn it I have accounts in both vfemail & runbox and both are affected. Is it the same bastards? Can anything be done?

  7. Eric says:

    November 6th, 2015 at 18:44 (#)

    I agree with Jane. Don’t give in.

  8. Nick says:

    November 6th, 2015 at 18:51 (#)

    It seems like Hushmail and ProtonMail, only to name these, are currently experiencing the same DDoS attacks, and have been targets over the past days.

    It would be interesting to investigate, during the next “cyber-ceasefire”, on whether only small, independent and security-oriented e-mail providers were targeted, or if standard and larger providers were also attacked these days.

    Were you and your partners able you trace back the country of origin of past days assaults?

    In any case, I wish you the best of luck countering this. You provide an excellent service year-long, keep up the good work!


  9. Tony says:

    November 6th, 2015 at 18:56 (#)

    I’m a relatively new user of Runbox, and wanted to ask you something.

    Does the DDoS attack merely mean that sent email, or email sent to me, will simply be delayed in arriving?

    I’m concerned that messages I send or which are sent to me, might disappear.

    I wish you every success in permanently fortifying your system against such attacks, in the interests of your customers.

  10. Björn says:

    November 6th, 2015 at 18:57 (#)

    Thanks for keeping us informed and thanks for not giving in.

  11. Eric C says:

    November 6th, 2015 at 19:41 (#)

    Thanks a lot for your updates.
    Keep calm and carry on !!

  12. Elizabeth Mors says:

    November 6th, 2015 at 19:48 (#)

    i really appreciate the status updates as i am working on a project that is also having a crisis myself and these update have enabled me to retrieve information i needed so i could continue working using an alternate server.
    i agree. you can’t give in. next time they will want more money and it only empowers them to attack other people.
    thanks for being such a good service.

  13. Kamil says:

    November 6th, 2015 at 20:34 (#)

    Tony, these attacks should not impact your incoming or outgoing email. These will be delivered when the attacks stop. The incoming mail might fail to be delivered if the DDoS persists for a long time, a week or so – which is rarely the case.

  14. simon says:

    November 6th, 2015 at 20:42 (#)

    Dear Runbox team

    I have been a customer for 7 years you provide a great service and therefore have loyal customers – you will be successful in beating this off

    best wishes


  15. Michael says:

    November 6th, 2015 at 20:47 (#)

    Thanks for keeping us updated and for all the hard work!

  16. Marsha says:

    November 6th, 2015 at 21:32 (#)

    How will you let us know that you have solved the problems? Do you have alternative email addresses for your customers? I do need my email, but support your efforts to not give into these criminals.

  17. Elizabeth Morse says:

    November 6th, 2015 at 22:05 (#)

    interestingly enough, it is my laptop that is down. i can access the email on my tablet using the android email client.
    don’t know if that helps any

  18. Kim@RunboxSolutions says:

    November 6th, 2015 at 22:29 (#)

    Marsha: We will update you here. Your problem is lack of incoming email or not being able to log on to your email?

    Elizabeth: That can happen depending on the settings used. But there will not be new incoming email, even if you can access your email, right now.

  19. R says:

    November 6th, 2015 at 22:34 (#)

    Damn, had to reinstall windows today, so i need to verify my account via email to access my steam account again. Agreed to play with some friends today ;_;

    But anyway, since that didnt work I went out in real life agiann today 😉 thanks hackers 😛

  20. Geir says:

    November 6th, 2015 at 23:27 (#)

    Nick: Due to the nature of the attacks (distributed and using compromised computers) it’s very difficult to trace them.

    Thank you for your support!

  21. Marc says:

    November 6th, 2015 at 23:52 (#)

    Keep up the good fight! Thank you for all you do.

  22. L says:

    November 7th, 2015 at 00:47 (#)

    Vfemail’s host has abandon them. Its going to have some tough time for the near future according to their site. Did I read correctly that protonmail may have paid the blackmail?

  23. Tim says:

    November 7th, 2015 at 02:00 (#)

    Thanks to everyone at Runbox! We really appreciate your efforts and for keeping us posted. Runbox’s philosophy and security stance are a large part of why we subscribe and will continue to do so.

  24. alec says:

    November 7th, 2015 at 02:31 (#)

    Agree with Jane, Björn, simon and others – your customers appreciate what you do for us. Keep strong. We’re with you.


  25. R says:

    November 7th, 2015 at 06:24 (#)

    I have both hushmail and proton…neither gave updates like this site.

    Hushmail came back, but now intros with CloudFlare which I’ve never seen (apparently an umbrella secure site which such email servers subscribe to.) I changed my p/w immed on login

    I can’t obtain access to proton (Sat. midnite since 9 am EST)–thankfully just started a month ago and was planning on migrating emails to there. Dead white space. –rethinking THAT.

    Wonder if it is a coordinated US (pick three letters) attack to keep everyone unsecure for continued infiltration and access.

  26. nobody says:

    November 7th, 2015 at 07:37 (#)

    Well done, Runbox! Kudos to you and your ISP and hosting partners for standing against the DDoSers. You didn’t pay and you won in every aspect. You also helped others by preventing the group from getting more funds to run even more attacks to get funds to run even more attacks. ProtonMail did pay and they effectively funded the continued attack against themselves and a new attack against Runbox.
    You’re rocking Runbox!

  27. Kim@RunboxSolutions says:

    November 7th, 2015 at 15:51 (#)

    R: Hushmail decided to go to CloudFlare to get protection and I can understand them as it is a easy way out of the problems.

    For us that was not a option for privacy reasons. Using CloudFlare means that all traffic to our services would go to CloudFlare before they go to us. That is not what our users want.

    nobody: We also worked hard to alert the ISPs of the nodes that was being used in the attacks. I dont know if the others that were affected did this. They might have.

  28. Also know as.... says:

    November 7th, 2015 at 18:22 (#)


    Thanks very much for all your updates thus-far on the situation. I’m aware from the press the stress this is causing to you and the rest of the team at Runbox. However I can only try to imagine ferocity of the situation.

    Thank you very much for not paying for the service of these bastards. Keep your head and please stay focused and continue to provide the excellent service you provide us. As a good man once said Don’t let the bastards get you down!

  29. R says:

    November 7th, 2015 at 21:46 (#)

    Thanks Kim…I will use Hushmail as a “public” server. and not post anything there of a private nature…I think once out of this mess, I will give Runbox a serious look…more caring than most

    TO “Nobody”: How you find this out about Proton? I looked everywhere


  30. R says:

    November 7th, 2015 at 22:47 (#)

    Nobody et al…I found Proton news via privacy search engine Ixquick

    Proton using WordPress blog to highlight chronology of events, lessons for all of us. They suffered through 2 events, paying $6K via Bitcoin for first wave of flooding attack. P said it needed to pay since $100hundreds losses were impacted by its customers.

    Second wave, however, was considered “state-sponsored,” with heavy backing by those against encryption as a policy or as a right of freedom. Supposedly, these backers did not like the usage of VPNs.

    P planning on coming on line next week or so…major rehabilitation of its network

    Will I go back, probably not…state-sponsored will never tire of the intrusions

    why don’t they just go away and leave us alone, versus wasting tax dollars to investigate nonsense…

  31. L says:

    November 8th, 2015 at 12:17 (#)

    Looks like another company paid just like protonmail and still gets taken out.

  32. Theresa says:

    November 21st, 2015 at 18:23 (#)

    I am so sorry this is happening to Runbox. I can only imagine the work hours that have gone into trying to keep things running.

    Runbox has been an excellent support to me. Always on top of everything! Quick and patient to explain or fix whatever I’ve needed.

    Thank you for keeping me informed and thank you for your excellent service! Why would I ever want any other e-mail service!

Leave a Response