Phone calls disrupted by ongoing DDoS cyberattack on


Quebec telephone service provider is facing an aggressive Distributed Denial of Service (DDoS) cyberattack, disrupting calls and telephone services. The incident began around September 16 and put a strain on the VoIP provider’s systems, websites and operations. serves over 80,000 customers in 125 countries, many of whom are now facing voice calling issues.

Calls and voice services disrupted by a DDoS attack

Last week, the Canadian voice over IP service provider announcement that he became aware of a problem that was preventing customers from accessing his website and was working on a solution. Fast forward to today: The issue persists and has been attributed to a persistent DDoS attack.

DDoS is a form of cyber attack in which multiple computers, or “bots”, are simultaneously hired by an attacker to send a large number of requests to an Internet server beyond the capacity of the server. As such, an Internet server, faced with a sophisticated DDoS attack, can offer degraded performance to clients, or even crash altogether. VoIP is a collection of technologies that make it possible to make phone calls through servers connected to the Internet, which, like any Internet service, makes them vulnerable to DDoS attacks.

To this day, is still fighting the cyberattack:

As Ars saw, the website now requires visitors to resolve captchas before letting them in. Before that, the website would sometimes throw HTTP 500 (service unavailable) errors.

The site requests a captcha.
Enlarge / The site requests a captcha.

Ax Sharma

Once entered, the website states, “A Distributed Denial of Service (DDoS) attack continues to target our websites and POP servers. Our team is making continuous efforts to stop this, but the service is affected intermittently. “

Threaters demand more than $ 4.2 million in extortion attacks

The tweets exchanged between and the threat actors provide interesting information. The threat actors behind the DDoS attack are known as “REvil”, but it cannot be authoritatively established if they represent the same REvil ransomware gang that is known to have attacked premier companies before. plan, including the world’s largest meat processor, JBS.

Moreover, based on the multiple requests made by the threat actor to for bitcoins, this incident has been qualified as an extortion attack.

“Maybe this is a cyber extortion campaign. They take down the services via DDoS, then ask for money. I don’t know if the DDoS attack and the ransom demand are from the same idiots. ” Noted Twitter user PremoWeb, pointing to a Pastebin note that has now been deleted. The deleted note retrieved by Ars shows that the initial request from the attackers was 1 Bitcoin, or just over $ 42,000:

Now deleted Pastebin note retrieved by Ars.
Enlarge / Now deleted Pastebin note retrieved by Ars.

Ax Sharma

But, two days later, the request was increased to 100 Bitcoins, or more than $ 4.2 million:

“Okay, enough communication … The price to stop us is now 100 Bitcoin in pastebin’s BTC address. I’m sure your customers will appreciate your 0 [expletive] an attitude given in several lawsuits “, we read in the tweet signed” REvil “.

The attackers increased the demand from 1 BTC to 100 BTC.
Enlarge / The attackers increased the demand from 1 BTC to 100 BTC.

Earlier this month, UK telecommunications company VoIP Unlimited fell victim to a similar DDoS attack, suspected of being native of “REvil”. However, the threat actors behind these attacks are likely different from the operator of the REvil ransomware.

“REvil is not known for DDoS attacks or publicly demanding ransoms, like the attack”, Explain Lawrence Abrams from the BleepingComputer news site. “The extortion method of this attack makes us believe that the threat actors are simply masquerading as the ransomware operation to further intimidate” clients can monitor Twitter feed for updates on the situation.

Source link


Leave A Reply