Menu
Ransom attacks likely to fade as small email providers resist

Ransom attacks likely to fade as small email providers resist

Small email providers are a softer target for cybercriminals

The spate of cyberattacks against email providers is likely to pass with time as they refuse to pay ransoms. But that doesn't mean the attacks haven't cost them.

Since early this month, the list of companies that have been attacked has grown longer: first ProtonMail of Switzerland, followed by HushMail, RunBox, VFEmail, Zoho and FastMail of Australia.

The companies have typically received extortion requests by email asking for 10 or 20 bitcoins in exchange for not being subjected to distributed denial-of-service (DDoS) attacks.

DDoS attacks involve sending a large amount of data traffic to a company's network, causing the service to choke and go offline.

Email is a tough business these days. Smaller providers face competition from mega-companies such as Google, Microsoft and Yahoo, so profit margins from offering premium services can be thin.

That's in part why service disruptions can be harmful. Email services also face more challenges in defending their systems, said Rob Mueller, a director at FastMail in Melbourne.

DDoS attacks over the Web using the HTTP (Hypertext Transfer Protocol) can filtered out using proxy services. The attack traffic flows to a third party, such as a DDoS mitigation service, before it goes to the service provider.

But that technique can't be used for email protocols such as SMTP, IMAP and POP, which can't be proxied in the same way as HTTP web traffic, Mueller said.

There's another solution. An email company needs to have access to 256 IP addresses, known as a class C IP block. The block of addresses can then be used to spread out the attack to that ISP's various points of presence.

The bad traffic can then be scrubbed out, and the good traffic is sent using the GRE (Generic Routing Encapsulation) protocol to the email provider, Mueller said.

But that fix isn't cheap and can cost up to US$10,000 a month. It's what makes email providers "the perfect target for a shakedown," Mueller said in a phone interview. 

By making the ransom less than $10,000, the attackers are sort of hoping that paying a ransom will be a cheaper, albeit short term, option.

It worked one time with ProtonMail. Faced with an escalating attack that affected its ISP and other companies, it paid a ransom. Later, it acknowledged that paying was the wrong move.

FastMail was asked to pay a ransom of 20 bitcoins -- about $6,800 -- before the attacks began around Sunday, Mueller said.

"Just out of principle, we would never pay," he said.

FastMail's ISP, NYI, already had capabilities in place through partners to mitigate the attacks, and it only experienced a mild disruption, Mueller said. FastMail blogged about its experience earlier this week.

Eventually, Mueller thinks those behind the attacks and copycat ones will just move on, as defenses are strengthened and companies refuse to pay.

"The main people making the money will be the DDoS defense providers," he said. "All the attempts to extort money will fail. Most people won't pay."


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments