You are here
Home > Tech > ProtonMail suffers DDoS attack that takes its email service down for minutes

ProtonMail suffers DDoS attack that takes its email service down for minutes

It’s been an unexpectedly slack day for digital comms services. It’s not just workplace IM tool Slack suffering outages but end-to-end encrypted email service ProtonMail too.

In the latter case, the company has blamed several hours’ worth of sporadic outages on a major DDoS attack.

Our network has been under sustained attack this morning. We are working with our upstream providers to mitigate the attack. Emails are delayed but will not be lost. Thank you for your patience.

ProtonMail (@ProtonMail) June 27, 2018

In a statement on Reddit the company says the attack is “unlike the more ‘generic’ DDoS attacks that we deal with on a daily basis” — which in turn meant its upstream DDoS protection service (Radware) needed more time than usual to mitigate the attack.

The longest outage has been “on the order of 10 minutes,” according to ProtonMail.

Back in 2015 the then fledgling startup suffered a major DDoS attack. And felt compelled to pay a ransom to fend off the hackers — a decision which earned it criticism from some segments of the security industry, and is perhaps coming back to haunt it now. Although the experience also led ProtonMail to spend on upgrading its defenses.

Since then it’s had a good record with uptime, despite dealing with DDoS attacks on a daily basis.

That said, while it’s claiming today’s attacks were orders of magnitude bigger than usual, its CTO Bart Butler also sounds less than pleased with how things went down today, tweeting in response to a user: “We will be evaluating this incident in the future, as it definitely should have been handled better.”

We were actually a little slow this time. Sorry.

— Bart Butler (@BartCButler) June 27, 2018

“Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future,” the company also writes on Reddit. “While we don’t yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS’s on record.”

“It is multi-vector, and they are dynamically changing the type of attack traffic they are sending at us, so it’s a higher level of sophistication than the usual ones,” founder Andy Yen told us, in the midst of firefighting the attack earlier today.

He also pointed out that the attackers’ Twitter feed included them having “called in a lot of fake bomb threats recently,” adding: “They are clearly bad actors and we will pass on any intelligence we gather to the appropriate authorities after we make our own investigation and research.”

500gbps just too big.

— APOPHIS SQUAD (@apophissquadv2) June 27, 2018

A little later today, and a little more comfortable about having got the attack under control — despite confirming the attackers are “still hitting us” — Yen said: “Throughout the day, we have gotten a lot better at blocking this type of attack so now things are stable.

“I wouldn’t go so far as to say we have ‘won’ as these things can sometimes go on for multiple days, but its much harder for them to get through now.”

Asked why he thought ProtonMail is being targeted he declined to speculate, saying only: “The reason behind these attacks is always hard to know for sure. For instance, a lot of times, the stated reason is a cover for the actual reason.”

Meanwhile the Russian hackers claiming responsibility for ProtonMail’s attack — a group calling itself Apophis Squad — had been using Twitter (where they appear to have had an account since October 2016) to taunt ProtonMail users and trade insults with Butler.

We're back you clowns.

— Bart Butler (@BartCButler) June 27, 2018

Yo @BartCButler Say sorry for calling us clowns and we will allow your network backup! (@ProtonMail & @ProtonVPN )

— APOPHIS SQUAD (@apophissquadv2) June 27, 2018

Just say sorry to us. Then we will let you backup!

— APOPHIS SQUAD (@apophissquadv2) June 27, 2018

Summing up, Yen dubs it “a rough day for messaging.”

Though at the time of writing it’s still not clear what the root cause of Slack’s issues are.

We think we've isolated the issue, and we're getting close to a resolution. Thanks for hanging in there.

— Slack (@SlackHQ) June 27, 2018

Read more about this at