Distributed denial of service (DDoS) attacks with extortion demands for payments in Bitcoin cryptocurrency to stop them are becoming more and more popular in 2015, but what happens if you give in and pay the ransom?

Switzerland-based email service provider ProntonMail (Proton Technologies AG) has found out the hard way that paying the ransom doesn’t work after the company experienced the multiple DDoS attacks and paid the ransom.

The company was hit by its first DDoS attack on November 3, complete with a now usual email preceding it that warned it would happen if a payment was not made; after the first attack resulted in the website being offline for fifteen minutes,  a second attack on November 4 was described as being more sophisticated and intense.

After taking steps to mitigate the attacks with their datacenter and their upstream provider, the attack went further: “The attackers began directly attacking the infrastructure of our upstream providers and the datacenter itself,” ProntonMail wrote in a blog post.

“The coordinated assault on our ISP exceeded 100Gbps and attacked not only the data center, but also routers in Zurich, Frankfurt, and other locations where our ISP has nodes. This coordinated assault on key infrastructure eventually managed to bring down both the data center and the ISP, which impacted hundreds of other companies, not just ProtonMail.”

Given the impact of the attack on other companies, the company explained why the paid the money demanded, writing “At this point, we were placed under a lot of pressure by third parties to just pay the ransom, which we grudgingly agreed to do at 3:30PM Geneva time to the bitcoin address 1FxHcZzW3z9NRSUnQ9Pcp58ddYaSuN1T2y.”

“This was a collective decision taken by all impacted companies, and while we disagree with it, we nevertheless respected it taking into the consideration the hundreds of thousands of Swiss Francs in damages suffered by other companies caught up in the attack against us. We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless.”

As previously mentioned this is where things didn’t go as planned.

“This was clearly a wrong decision so let us be clear to all future attackers – ProtonMail will NEVER pay another ransom,” the company added as attacks continued after they made the payment, although there is some suggestion that the later attacks may have come from a different group who had heard that the company was willing to pay up to stop them.

Lesson learned

Giving in to cyber extortion of this kind simply encourages further attacks, not just on the company targeted but with other companies as well, as it confirms to the people behind these attacks that payment may be forthcoming.

The only positive out of this is that ProtonMail has been highly transparent with what has occurred, and where they stand now.

“At present, ProtonMail’s infrastructure is still vulnerable to attacks of this magnitude, but we have a comprehensive long-term solution which is already being implemented,” the company noted.

The moral of the story is simply don’t pay ransom demands no matter how bad the DDoS attacks get.

Image credit: quinnanya/Flickr/CC by 2.0