Image

"Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline," the company says, as reported by ZDNet. "The attack disrupted traffic across the ISP's entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack."To the company's surprise, the attackers even began sending Bitcoin back to ProtonMail, presumably in an effort to distance itself from the follow-up DDoS attack campaign.
“Somebody with great power, who wants ProtonMail dead, jumped in after our initial attack!” read one note by the criminals, according to Forbes. Another read: “We have no such power to crash data center and no reason to attack ProtonMail any more!”It might be possible that someone is using the Armada Collective name to go after ProtonMail. Whoever they are, the group is capable of conducting devastating DDoS attack campaigns against its targets:
"Our attacks are extremely powerful - sometimes over 1 Tbps per second. So, no cheap protection will help," reads the group's generic ransom note, which is available on Graham Cluley's website.
Image

“They know they are being hunted,” he said.Businesses that run a website are encouraged to maintain up-to-date security software and implement patches as soon as possible in order to avoid being hijacked by a botnet--a common DDoS machine. It is also recommended that organizations investigate anti-DDoS solutions to help avoid downtime should they be targeted by a group like the Armada Collective.