At least three email service providers have been hit by large distributed denial of service (DDoS) attacks on Friday, resulting in prolonged outages, The Record has learned.
“We have received a threatening letter and a demand for money,” Posteo said in a blog post earlier today.
“We will not pay the amount of money demanded. Companies must not allow themselves to be blackmailed by criminals under any circumstances: Otherwise they will become even more attractive to them. And DDoS attacks often are not stopped even if money has been paid,” the German company said.
While Fastmail and Runbox have not confirmed receiving similar ransom demands, the attacks were carried out by the same threat actor, according to a person familiar with the matter who spoke with The Record earlier today. Similar extortion requests are believed to have been sent to the two companies as well.
At the time of writing, Fastmail and Posteo have resumed operations while Runbox is dealing with a new assault.
Additionally, UK VoIP provider Voipfone and gaming server provider Sparked also dealt with similar DDoS attacks today, but the attacks have been carried out by different threat actors, unrelated to the coordinated attacks on email providers.
While generally overshadowed by the extortion attempts orchestrated by ransomware gangs, threat actors who rely on DDoS attacks to force companies to pay ransom requests are still very active.
Last month, several DDoS extortion attempts were registered against internet service providers and financial entities across several countries, such as Russia, the UK, the US, and New Zealand—with some of the attacks being carried out using a new botnet called Meris.
Source: Recorded Future