Runbox is under attack by extortionists

On Friday evening Norwegian time, Runbox started experiencing Distributed Denial of Service (DDoS) attacks by extortionists demanding that we pay them an amount of Bitcoin to stop the attacks.

The attacks consist of a massive volume of data traffic, in excess of 50 Gbps, to our service that overwhelm our servers and intermittently block our customers from accessing our services.

Runbox has persevered against similar DDoS attacks in the past and never in our history paid criminals who attack our services. And we are not going to start now.

Paying extortionists would provide no guarantee that further attacks would be prevented, and could instead make the victim more attractive for similar attacks. Furthermore, funding such criminal activities would only increase the likelihood of further attacks by the same criminals or other malefactors.

Since these DDoS attacks started we have worked with our system administrators and Internet Service Provider to mitigate the attacks. We are considering further mitigation options and appreciate the offers we have received from DDoS mitigation specialists who wish to help.

We have also learned that Runbox is not alone in being attacked, as The Record reports that Fastmail and Posteo are also under attack by the same extortionists.

Anyone who is experiencing DDoS attacks is encouraged to never capitulate. Let us instead coordinate our fight against these criminals and fully cooperate with relevant law enforcement in our respective countries.

We also encourage our respective customers to continue supporting independent email services such as the three of us now under attack. We thank you for your patience and understanding while we fight to regain your access to our services.

We will keep you updated on our Service Status page and assure you that we are doing everything in our power to restore services for you.

The full extortion letter is pasted below.

From: Cursed Patriarch
Posted on: 22 Oct 2021 – 15:56

Subject: EXTORTION: DDoS attack


I will start 1-2 hours attack on your site. It will not be hard as I don’t want to impact your business now. Just check your logs to see that I’m for real.

Pay me 0.06 BTC to 3GBAUXHmfxideRQWqRagtQRznB2GdUuMkfand I will never attack you again.

If you don’t pay within until Monday, total shut down is coming, cheap protection will not help my fee will increase and if you refuse you will lose much more then that.

Pay 0.06 now to prevent suffering.

Best regards,
Cursed Patriarch

P.S. This is disposable email. Do not reply.

32 thoughts on “Runbox is under attack by extortionists”

  1. Heng i, Geir & Co! Thanks for all you’re doing and the stance you are taking. It’s the right thing. We love Runbox.

    1. Well done. Sorry to hear you are going through this but you are dealing with it the right way. I have not seen issues here. Thank you very much for keeping us informed.

    2. November 22, 2021. I am unable to access the link to pay a late subscription fee. Hence, I cannot receive any email … explains why subscription payment is late …. Cannot log onto as account is past due. The only credit card I have is demanding I confirm my email before I can access that account to know how much I owe them as they send an email on which I must click/tap the link that states “Confirm Email Account.” This leaves me trapped. I agree you should not pay criminals, extortionists. But what should I do???

  2. I appreciate your willingness stand up to cyber terrorist’s. What is disappointing is that after being in business for 10 years and with cyber crime on the rise that you have not invested in technology to mitigate these types of attacks. An unreliable product, email in particular, is not useful. I haven’t been on your platform for long and I will be rethinking my choice.

  3. You’re doing the right thing by not paying these creeps.

    Stay strong and know that you have our support.

  4. Thank you for keeping us informed about this and I also agree that the stance you are taking is the right one. Please let us, your satisfied users, know if there is anything we can do to help.


  5. Hi Runbox team,

    Thank you for being so transparent about this. Keep it up and I hope the service won’t be getting much disruptions from the ddos attack.

  6. In my local time, you were pretty much out for the daylight hours of Saturday, and I suspected that you were experiencing another DDOS extortion attack. Never pay. If you reveal a willingness to deal with them on their terms once, they’ll assume that you’re open to “negotiation” again.

  7. Thanks for all the work and being so transparent. I totally support your decisions. I’d rather use a service with a few disruptions than support a company which pays the ransom.
    Keep fighting!

  8. Thank you for not paying. You have my full support, and I hope you can successfully deal with the situation.

  9. Dear Geir,

    Never pay these folks. You guys are a great company with stellar service, keep it up!

    All the best,


  10. Is Protonmail aware of that protonmail services are used to criminal activities? It seems that Protonmail logs ip adresses, just saying.

    Keep up the good work, im very seatisfied with the Runbox service.

  11. I don’t know, bitcoin has a lot to answer for, arch criminality no longer has any poetry to it.


    “1 billion dollars into my Swiss bank account, Mr Bond, or I destroy Oslo with my laser beam.”

    “Pay 0.06 bitcoins to wgeuwgskdbsiwwj”

    Stand up for poetic justice, unfortunately one is real and the other is not. Keep going with what you do.

  12. We assume that you are still under attack Monday morning October 26, 13:11 GMT.

    We are getting a Send/Recieve error messagw while using outlook.

    Do not pay

  13. Dear sirs

    While understanding the situation, now it is three days that I have access to my mail and can download it into my local software, but cannot send answers trying at different hours.

    The outgoing mailbox is more than full. The situation is hardly sustainable as this is my tool for work and I am close to collapse.

    I do not know if you can propose other solutions than just wait.

    Warm regards

  14. Please share as much information as possible as to the willing participants.

    ** Even “disposable email” has providers and associates.

    >As ‘internet users’ “WE” can boycott any internet business that condones or participates in this kind of behavior, “if we have the information”. <

    When They attack you, They are also Attacking every one of us,
    … your faithful customers, I would think most of your customers will be
    willing to stand with you in this matter.
    ! … Hopefully we can do more than just stop them, lets take them down and expose their whole organization !

    *** THEY started this ! Let us not play the part of "Victim"

    ? .. I DO wonder if this is only about the ransom ?
    or could it be actually be because your customers are seeking privacy ?

    Thank You for sharing !

Leave a Reply

Your email address will not be published. Required fields are marked *