Information that should be shared:
From Jenna Jonteaux-McClay, a Runbox and Posteo user and Mailmate of course!

On Friday evening Runbox, along with at least two other email services, started 
experiencing Distributed Denial of Service (DDoS) attacks by extortionists who 
are demanding that we pay them a ransom to prevent further attacks.

The attacks consisted of a massive volume of data traffic against our services 
that overwhelmed our servers and intermittently blocked our customers from 
accessing their email.

This message contains important information about these attacks, what Runbox is 
doing to mitigate the situation, and what you as our customer can do if you 
experience any disruptions.

For our most recent updates regarding this incident, please see our Service 
Status page at http://status.runbox.com.

How might this attack affect me?

The extortion letter we have received from the attackers included threats about 
more severe DDoS attacks on Monday if Runbox does not pay the ransom.

Paying criminals money that you as a customer have originally paid us for the 
services we provide is unacceptable, and would only fund further attacks in the 
future.

If Runbox is subject to another DDoS attack you may experience problems 
connecting to our website and email services, and there might be delays 
delivering incoming and outgoing email. Our web hosting services may also 
become inaccessible.

The attacks will not affect any of the data stored on the Runbox servers. Your 
email is securely stored and is safe from these types of attacks.

You can find more information about the nature of DDoS attacks further down in 
this message.

What is Runbox doing about this?

Since the attacks started we have worked around the clock with our system 
administrators and Internet Service Provider to mitigate them, and are 
implementing additional measures in preparation for possible further attacks on 
Monday.

Although we cannot reveal details of these measures at this time we can assure 
you that we are doing everything in our power to ensure that our services 
remain accessible to all our customers. The measures we are deploying will also 
strengthen our defenses in the event of future attacks by other groups.

We should be clear that DDoS attacks are a criminal act, and that demanding a 
ransom to prevent them is extortion. Runbox has persevered against similar DDoS 
attacks in the past and never in our history paid criminals who attack our 
services. And we are not going to start now.

In fact, anyone who does comply with such blackmailing to prevent DDoS attacks 
helps create a market for these criminal groups.

Instead we will report this incident to The Norwegian National Authority for 
Investigation and Prosecution of Economic and Environmental Crime, and will 
cooperate with the Norwegian Computer Emergency Response Team (NorCERT) to 
mitigate against further attacks.

We have also learned that Runbox is not alone in being attacked, as The Record 
reports that Fastmail and Posteo are also under attack by the same 
extortionists: 
https://therecord.media/ddos-attacks-hit-multiple-email-providers/

We are now coordinating our fight against these criminals and will cooperate 
with relevant law enforcement in our respective countries.

Why not just pay the ransom?

Paying extortionists would provide no guarantee that further attacks will be 
prevented, and could instead make the victim more attractive for similar 
attacks.

Furthermore, funding such criminal activities would only increase the 
likelihood of further attacks by the same criminals or other malefactors.

Anyone who is experiencing DDoS attacks is encouraged to never capitulate, as 
it only makes the market for these criminal activities grow stronger.

What can I do?

Runbox, together with our partners, will do everything we can to continue 
fighting these attacks, and our goal is to prevent any further disruptions to 
our services.

If you experience disruptions in our services, please try again in a short 
while. If our webmail doesn't respond you may also set up an email client which 
may respond in the meantime, as described here: https://help.runbox.com/imap/

Do not be concerned that there are any technical issues with the Runbox servers 
themselves. Once you are able to access our services again, any queued email 
will be delivered to your account and no data will be lost.

You can at any time access our Service Status page at http://status.runbox.com 
and find our updates regarding this incident. You may also inform any 
sub-accounts by forwarding this message to them.

We refuse to give criminals the power to decide which Internet services you 
use, and we ask that you continue supporting Runbox and other independent 
services who refuse to be defeated by extortionists.

What is a DDoS Attack?

A DDoS attack prevents users from accessing a service by using a large number 
of computers to send a very large amount of requests to the targeted service.

This floods the bandwidth and resources of the system to a point where genuine 
connections from users cannot get through. This makes the service appear to be 
down.

DDoS attacks can exceed bandwidths of 1 Tbps, and involve a large network of 
Internet-connected devices that have been hijacked by criminals. These 
individuals or groups then direct the computers to send large amounts of data 
traffic to their target, or sell their services to others who execute DDoS 
attacks.

Such attacks can take place against any Internet service including email 
services like Runbox, and often include demands to pay a ransom for the attacks 
to stop.

If Runbox is attacked how can I get information?

In the event Runbox appears to be unavailable we will use the following 
websites for status updates and points of contact:

- Our status page at http://status.runbox.com
- Our Twitter page at https://twitter.com/Runbox
- Our Support Center at https://support.runbox.com

We appreciate that this message might be confusing or alarming, and that you 
may have questions that are not answered by the above.

You may then reply to this email, but keep in mind that we will be receiving 
numerous requests and our main concern is to ensure that our services remain 
accessible.

Know that we are already working with experts on mitigation and prevention of 
such attacks, and that our services will soon normalize.

Best regards,

The Runbox Team
_______________________________________________
mailmate mailing list
[email protected]
https://lists.freron.com/listinfo/mailmate