Quebec-based supplier of telephony providers VoIP.ms is going through an aggressive Distributed Denial of Service (DDoS) cyber attack, inflicting a disruption in telephone calls and providers. The incident started round September 16 and has put a pressure on the VoIP supplier’s programs, web sites, and operations.
VoIP.ms serves over 80,000 prospects throughout 125 international locations, a lot of whom are actually going through points with voice calls.
Voice calls and providers disrupted by DDoS attack
Last week, Canadian voice-over-IP service supplier VoIP.ms announced that it turned conscious of a difficulty that was stopping prospects from accessing its web site and was working towards an answer. Fast-forward to immediately: the problem is ongoing and has been attributed to a persistent DDoS attack.
DDoS is a type of cyber attack by which a number of computer systems, or “bots,” are concurrently engaged by an attacker to make numerous requests to an Internet server past the server’s capability. As such, an Internet server, when going through a classy DDoS attack, might provide degraded efficiency to prospects, or crash altogether. VoIP is a set of applied sciences that make phone calls potential through Internet-connected servers, which, like every Internet service, makes them susceptible to DDoS assaults.
As of immediately, VoIP.ms remains to be battling the cyber attack:
All our sources are nonetheless working at stabilizing our web site and voice servers as a result of ongoing DDoS assaults. We perceive the importance of the affect on our purchasers’ operations and need to reassure you that every one of our efforts are being put into recovering our service.
— VoIP.ms (@voipms) September 22, 2021
As seen by Ars, the VoIP.ms web site is now requiring guests to unravel captchas earlier than letting them in. Prior to this, the web site was throwing HTTP 500 (service unavailable) errors on event.
Once in, the web site states: “a Distributed Denial of Service (DDoS) attack continues to be targeted at our Websites and POP servers. Our team is deploying continuous efforts to stop this however the service is being intermittently affected.”
Threat actors demand over $4.2 million in extortion attack
Tweets exchanged between VoIP.ms and the menace actors present attention-grabbing insights. The menace actors behind the DDoS attack go by the title “REvil,” but it surely can’t be authoritatively established in the event that they characterize the identical REvil ransomware gang that’s identified to have beforehand attacked distinguished firms, together with the world’s largest meat processor, JBS.
Further, based mostly on the a number of calls for made by the menace actor to VoIP.ms for bitcoins, this incident has been labeled an extortion attack.
“This is possibly a cyber extortion campaign. They bring down services via DDoS and then demand money. Don’t know if the DDoS attack and the ransom demand are from the same idiots,” noted Twitter consumer PremoWeb, pointing to a Pastebin observe that has now been eliminated. The eliminated observe retrieved by Ars reveals the attackers’ preliminary ask was for 1 Bitcoin, or somewhat over US$42,000:
But, two days later, the demand was upped to 100 Bitcoins, or over US$4.2 million:
“Ok, enough communication… The price for us to stop is now 100 Bitcoin into the pastebin BTC address. I am sure your customers will appreciate your 0 [expletive] given attitude in multiple law suits,” learn the tweet signed “REvil.”
Earlier this month, UK-based telecom VoIP Unlimited was slapped with an analogous DDoS attack, suspected to originate from “REvil.” However, menace actors behind these assaults are possible completely different from the REvil ransomware operator.
“REvil is not known for DDoS attacks or publicly demanding ransoms, in a manner done in the VoIP.ms attack,” explains Lawrence Abrams of reports website BleepingComputer. “This attack’s method of extortion makes us believe that the threat actors are simply impersonating the ransomware operation to intimidate VoIP.ms further.”
VoIP.ms prospects can monitor the corporate’s Twitter feed for updates on the state of affairs.