
Crypto e-mail service pays $6,000 ransom, gets taken out by DDoS anyway - etiam
http://arstechnica.com/security/2015/11/crypto-e-mail-service-pays-6000-ransom-gets-taken-out-by-ddos-anyway/
======
celticninja
Paying the ransom was terrible advice; not only did it not work, but now
attackers know there is a potential payout, it is in their interest to attack
again. If it isn't the same attackers then another group; who is attacking
doesn't matter. I hope ProtonMail now stop taking advice from whoever told
them to pay up.

~~~
ianopolous
They only paid the ransom because of extreme pressure from the other 100
companies in their datacentre that were also offline. The ransomers contacted
them after the second, much stronger and more sophisticated attack to deny
responsibility for the second DDOS.
[https://protonmaildotcom.wordpress.com/](https://protonmaildotcom.wordpress.com/)

~~~
celticninja
That was partially my point, they paid the ransom, now they are subjected to
another attack. If it is a new attacker perhaps they knew that a ransom had
been paid therefore it was worth the attack, perhaps on the basis that any new
attack may not even have to last as long as the initial attack.

Personally, the problem should rest with the data host; if the issue spills
over to other customers then they need to mitigate that how they see best. I
don't see it as being ProtonMail's fault.

------
wodenokoto
This is something I've been wondering about bitcoins.

Don't we know those 15 coins' hash/ID and couldn't we (theoretically) send out
a burn notice on those coins, saying whoever is paying you this money are the
extortionists?

I mean, isn't the blackmail payment visible in the block chain, and thus, the
next move of the coins?

~~~
FlyingAvatar
It's fairly easy to obfuscate the source of coins. There are "laundering"
services where you can send a bunch of coins and they will redistribute them
randomly mixed with others who use the service.

Even if you could reliably follow them all, what agency would keep track of
which coins are "tainted"?

For an amount of money this small, it's just not practical. Even for the many
thousands of coins stolen from MtGox, tracking them is not practical.

