Quebec telephone service provider VoIP.ms is facing an aggressive Distributed Denial of Service (DDoS) cyberattack, disrupting calls and telephone services. The incident began around September 16 and put a strain on the VoIP provider’s systems, websites and operations.
VoIP.ms serves over 80,000 customers in 125 countries, many of whom are now facing voice calling issues.
Calls and voice services disrupted by a DDoS attack
Last week, the Canadian voice over IP service provider VoIP.ms announced that it had become aware of an issue that was preventing customers from accessing its website and was working on a solution. Fast forward to today: the issue persists and has been attributed to a persistent DDoS attack.
DDoS is a form of cyberattack in which multiple computers, or “bots”, are simultaneously directed by an attacker to send a large number of requests to an Internet server, beyond the server's capacity. As such, an Internet server facing a sophisticated DDoS attack can offer degraded performance to clients, or even crash altogether. VoIP is a collection of technologies that make it possible to place phone calls through servers connected to the Internet, which, like any Internet service, makes them vulnerable to DDoS attacks.
As of today, VoIP.ms is still fighting the cyberattack:
All of our resources are still working to stabilize our website and voice servers due to the ongoing DDoS attacks. We understand the importance of the impact on our customers’ operations and want to reassure you that all of our efforts are being made to recover our service.
– VoIP.ms (@voipms) September 22, 2021
As Ars saw, the VoIP.ms website now requires visitors to solve captchas before letting them in. Before that, the website would sometimes throw HTTP 500 (service unavailable) errors.
Once in, the website states, “A Distributed Denial of Service (DDoS) attack continues to target our websites and POP servers. Our team is making continuous efforts to stop this, but the service is affected intermittently.”
Threat actors demand more than $4.2 million in extortion attack
The tweets exchanged between VoIP.ms and the threat actors provide interesting information. The threat actors behind the DDoS attack go by the name “REvil”, but it cannot be authoritatively established whether they represent the same REvil ransomware gang that is known to have attacked prominent companies before, including the world’s largest meat processor, JBS.
Moreover, based on the threat actor's repeated demands to VoIP.ms for bitcoins, this incident has been characterized as an extortion attack.
“Maybe this is a cyber extortion campaign. They take down the services via DDoS, then ask for money. I don’t know if the DDoS attack and the ransom demand are from the same idiots,” noted Twitter user PremoWeb, pointing to a Pastebin note that has now been deleted. The deleted note retrieved by Ars shows that the initial request from the attackers was 1 Bitcoin, or just over $42,000.
But two days later, the request was increased to 100 Bitcoins, or more than $4.2 million:
“Okay, enough communication … The price to stop us is now 100 Bitcoin in pastebin’s BTC address. I’m sure your customers will appreciate your 0 [expletive] given attitude in several lawsuits,” reads the tweet signed “REvil”.
Earlier this month, UK telecommunications company VoIP Unlimited fell victim to a similar DDoS attack, suspected of originating from “REvil”. However, the threat actors behind these attacks are likely different from the operator of the REvil ransomware.
“REvil is not known for DDoS attacks or publicly demanding ransoms, like the VoIP.ms attack,” explains Lawrence Abrams of the news site BleepingComputer. “The extortion method of this attack makes us believe that the threat actors are simply masquerading as the ransomware operation to further intimidate VoIP.ms.”
VoIP.ms customers can monitor the company's Twitter feed for updates on the situation.