Blackmailed: DDoS Attack Against BlackVPN Could Start On Monday 25th of April.
Armada Collective have threatened to launch a DDoS attack on our services unless we pay a ransom in Bitcoins. We didn’t pay. DDoS attack expected soon.
What is a DDoS attack?
A DDoS (Distributed Denial of Service) attack is an is an attempt to make an online service unavailable by overwhelming it with traffic from 1000’s of different sources at once.
The servers or networks of the target become overwhelmed with traffic and are unable to function normally. Computers crash. Networks become congested. Services fail.
DDoS attacks against websites, banks and other services are common.
More than 2000 DDoS attacks are observed each day and around 1/3 of all downtime incidents are attributed to DDoS attacks.
We’ve been preparing for a DDoS attack.
On Monday 18th of April we received a message that our servers will be attacked by a powerful Distributed Denial of Service (DDoS) attack unless we pay 10.08 BTC ransom.
The email was from people claiming to be Armada Collective — the group who were responsible for one of Europe’s largest DDoS attacks against ProtonMail in November 2015.
The message could be from copycats who are pretending to be Armada Collective in order to trick us out of 10 BTC without actually having the resources to carry out their threat — or it could be from the real Armada Collective — we simply don’t know.
In the time since we received the threat we’ve been securing our systems and infrastructure against a DDoS attack in case the threat is real.
Other VPN providers also received the threat.
We know of at least two other VPN services who also received the same message on Monday. We suspect that a number of other VPN services also received the same message but have remained silent (or paid the ransom?).
The fact that they have threatened to attack multiple VPN providers on the same date (Monday 25th April) leads us to suspect that this is an empty threat, since a DDoS attack would be most effective if there was only a single target at a time.
We hope that our transparency will encourage other VPN services to speak up if they have also received a blackmail threat — now and in the future.
UPDATE: AirVPN also suffered a similar threat and attack on May 30th.
Last weeks downtime was caused by a DDoS.
On Saturday 16th April a small DDoS attack was launched against BlackVPN — which caused our website and VPN service to stop working.
Unfortunately we were too slow to react to the attack and suffered downtime until we were able to fix the problem on Monday. The attack continued in the week but we were able to mitigate it and keep our website and VPN service running as normal.
No intrusions of our systems were detected (they crashed but were not hacked) so no data or customer information was leaked.
BlackVPN customers are safe.
The threat is only against BlackVPN’s systems and attacking our service will not compromise or threaten our customers privacy or security.
The worst case scenario is that our VPN service and support systems are unavailable during the attack.
We’ll post updates on our Twitter profile @blackVPN if there is any downtime due to an attack.