On Friday evening Norwegian time, Runbox started experiencing Distributed Denial of Service (DDoS) attacks by extortionists demanding that we pay them an amount of Bitcoin to stop the attacks.
The attacks consist of a massive volume of data traffic, in excess of 50 Gbps, to our service that overwhelm our servers and intermittently block our customers from accessing our services.
Runbox has persevered against similar DDoS attacks in the past and never in our history paid criminals who attack our services. And we are not going to start now.
Paying extortionists would provide no guarantee that further attacks would be prevented, and could instead make the victim more attractive for similar attacks. Furthermore, funding such criminal activities would only increase the likelihood of further attacks by the same criminals or other malefactors.
Since these DDoS attacks started we have worked with our system administrators and Internet Service Provider to mitigate the attacks. We are considering further mitigation options and appreciate the offers we have received from DDoS mitigation specialists who wish to help.
We have also learned that Runbox is not alone in being attacked, as The Record reports that Fastmail and Posteo are also under attack by the same extortionists.
Anyone who is experiencing DDoS attacks is encouraged to never capitulate. Let us instead coordinate our fight against these criminals and fully cooperate with relevant law enforcement in our respective countries.
We also encourage our respective customers to continue supporting independent email services such as the three of us now under attack. We thank you for your patience and understanding while we fight to regain your access to our services.
We will keep you updated on our Service Status page and assure you that we are doing everything in our power to restore services for you.
The full extortion letter is pasted below.
From: Cursed Patriarch
Posted on: 22 Oct 2021 – 15:56
Email: ravid.grossman@nullprotonmail.comSubject: EXTORTION: DDoS attack
Hi,
I will start 1-2 hours attack on your site. It will not be hard as I don’t want to impact your business now. Just check your logs to see that I’m for real.
Pay me 0.06 BTC to 3GBAUXHmfxideRQWqRagtQRznB2GdUuMkfand I will never attack you again.
If you don’t pay within until Monday, total shut down is coming, cheap protection will not help my fee will increase and if you refuse you will lose much more then that.
Pay 0.06 now to prevent suffering.
Best regards,
Cursed PatriarchP.S. This is disposable email. Do not reply.