Group Tied to Russia Attacked ProtonMail

Group Tied to Russia Attacked ProtonMail

Twitter was abuzz this morning after ProtonMail tweeted that its network had been under sustained attack, the result of a distributed denial-of-service (DDoS) attack traced back to a group claiming to have ties with Russia.

The attack impacted both ProtonMail and ProtonVPN so that the services were "intermittent at best," as one person wrote on Twitter. After several hours, the service has been restored and all queued emails have been sent or delivered.

"Our network was hit by a DDoS attack that was unlike the more 'generic' DDoS attacks that we deal with on a daily basis," a ProtonMail spokesperson wrote in an email. "As a result, our upstream DDoS protection service (Radware) needed more time than usual to perform mitigation."

While the entire duration of the attack lasted several hours, the outages were far briefer, with most lasting only minutes at a time, though the longest outage was on the order of 10 minutes.

"Radware is making adjustments to their DDoS protection systems to better mitigate against this type of attack in the future. While we don't yet have our own measurement of the attack size, we have traced the attack back to a group that claims to have ties to Russia, and the attack is said to have been 500 Gbps, which would be among the largest DDoS's on record," the spokesperson wrote. 

ProtonMail confirmed that there was no data breach and that no emails were compromised or lost. In order to ensure the safety of the data stored on their servers, ProtonMail uses zero-access encryption to store the content of emails, an added layer of protection in the event of a breach.  

Source: Information Security Magazine