VoIP company battles massive ransom DDoS attack

'Massive' distributed denial of service attack hits internet telephony company.

What's worse: A terabit DDoS attack or triple extortion ransomware?

Canada-based VoIP provider VoIP.ms is still battling a week-long, massive ransom distributed denial of-service (DDoS) attack. 

ZDNet Recommends

The best VoIP services

If you need to replicate a traditional office phone PBX remotely, we have 12 recommendations to get you talking.

Read More

The company, which provides internet telephony services to businesses across the US and Canada, was hit by a DDoS attack on September 16, with the company confirming via Twitter: "At the moment we carry on with the labor of alleviating the effects caused by the massive DDoS directed at our infrastructure. We continue to work full-on re-establishing all of our services so we can have you connected."

SEE: Four months on from a sophisticated cyberattack, Alaska's health department is still recovering

As reported by BleepingComputer earlier this week, the attack also affected its domain name service (DNS) infrastructure. Its website remains hard to access some days after the attacks were first acknowledged. 

In an update on Wednesday, VoIP.ms apologized to customers and confirmed it was still being targeted by what it described as a 'ransom DDoS attack' . VoIP.ms says it has over 80,000 customers in 125 countries.    

DDoS attacks are becoming more frequent, more disruptive and increasingly include ransom demands, according to recent research. VoIP.ms's website currently indicates it is using CDN provider Cloudflare "to protect itself from online attacks".

Cloudflare in August helped block what it claimed was the largest DDoS attack on record, which emanated from about 20 000 compromised internet-connected devices in 125 countries. Variants of the Mirai botnet still plague the internet, some five years after the original Mirai DDoS was open-sourced following a massive attack on the blog Krebs on Security in 2016.  

According to Ars Technica, VoIP.ms is requiring visitors to solve captchas before allowing them to access the site. After completing the captcha challenge, the VoIP.ms website currently displays the message: "A Distributed Denial of Service (DDoS) attack continues to be targeted at our Websites and POP servers. Our team is deploying continuous efforts to stop this however the service is being intermittently affected."

In a Facebook post on Wednesday, the company said: "We have not stopped on all duties required to have our website and voice servers safe from the attack that has been directed to us, we have all the team, plus professional help working minute by minute on controlling the issues and having all crucial services going as expected, Please stay tuned, thanks."

SEE: Half of businesses can't spot these signs of insider cybersecurity threats

BleepingComputer reported that the attackers have asked for one bitcoin, worth around $45,000 today, to stop the DDoS attacks.

Two UK VoIP companies suffered DDoS attacks earlier this month, as reported by The Register: UK-based Voip Unlimited said it was hit with a "colossal ransom demand" after the DDoS attack. 

Mark Pillow, MD of Voip Unlimited, told The Register that industry body UK Comms Council had reported that other companies had also been affected by DDoS attacks and ransoms from 'REvil'. However, there is no way of knowing whether this is related to the prolific ransomware attack group of the same name.