[MlMt] News regarding RunBox/Fastmail/Posteo and DDoS attacks

Jenna Jonteaux jennajon at protonmail.com
Mon Oct 25 08:28:26 EDT 2021

Information that should be shared:
From Jenna Jonteaux-McClay, A Runbox and Posteo user and Mailmate of course!

On Friday evening Runbox, along with at least two other email services, started experiencing Distributed Denial of Service (DDoS) attacks by extortionists who are demanding that we pay them a ransom to prevent further attacks.

The attacks consisted of a massive volume of data traffic against our services that overwhelmed our servers and intermittently blocked our customers from accessing their email.

This message contains important information about these attacks, what Runbox is doing to mitigate the situation, and what you as our customer can do if you experience any disruptions.

For our most recent updates regarding this incident, please see our Service Status page at http://status.runbox.com.

How might this attack affect me?

The extortion letter we have received from the attackers included threats about more severe DDoS attacks on Monday if Runbox does not pay the ransom.

Paying criminals money that you as a customer have originally paid us for the services we provide is unacceptable, and would only fund further attacks in the future.

If Runbox is subject to another DDoS attack you may experience problems connecting to our website and email services, and there
might be delays delivering incoming and outgoing email. Our web hosting services may also become inaccessible.

The attacks will not affect any of the data stored on the Runbox servers. Your email is securely stored and is safe from these types of

You can find more information about the nature of DDoS attacks further down in this message.

What is Runbox doing about this?

Since the attacks started we have worked around the clock with our system administrators and Internet Service Provider to mitigate them, and are implementing additional measures in preparation for possible further attacks on Monday.

Although we cannot reveal details of these measures at this time we can assure you that we are doing everything in our power to ensure that our services remain accessible to all our customers. The measures we are deploying will also strengthen our defenses in the event of future attacks by other groups.

We should be clear that DDoS attacks are a criminal act, and that demanding a ransom to prevent them is extortion. Runbox has persevered against similar DDoS attacks in the past and never in our history paid criminals who attack our services. And we are not going to start now.

In fact, anyone who does comply with such blackmailing to prevent DDoS attacks helps create a market for these criminal groups.

Instead we will report this incident to The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime, and will cooperate with the Norwegian Computer Emergency Response Team (NorCERT) to mitigate against further attacks.

We have also learned that Runbox is not alone in being attacked, as The Record reports that Fastmail and Posteo are also under attack by the same extortionists: https://therecord.media/ddos-attacks-hit-multiple-email-providers/

We are now coordinating our fight against these criminals and will cooperate with relevant law enforcement in our respective countries.

Why not just pay the ransom?

Paying extortionists would provide no guarantee that further attacks will be prevented, and could instead make the victim more attractive for similar attacks.

Furthermore, funding such criminal activities would only increase the likelihood of further attacks by the same criminals or other malefactors.

Anyone who is experiencing DDoS attacks is encouraged to never capitulate, as it only makes the market for these criminal activities grow stronger.

What can I do?

Runbox, together with our partners, will do everything we can to continue fighting these attacks, and our goal is to prevent any further disruptions to our services.

If you experience disruptions in our services, please try again in a short while. If our webmail doesn't respond you may also set up an email client which may respond in the meantime, as described here: https://help.runbox.com/imap/

Do not be concerned that there are any technical issues with the Runbox servers themselves. Once you are able to access our services again, any queued email will be delivered to your account and no data will be lost.

You can at any time access our Service Status page at http://status.runbox.com and find our updates regarding this incident. You may also inform any sub-accounts by forwarding this message to them.

We refuse to give criminals the power to decide which Internet services you use, and we ask that you continue supporting Runbox and other independent services who refuse to be defeated by extortionists.

What is a DDoS Attack?

A DDoS attack prevents users from accessing a service by using a large number of computers to send a very large amount of requests to the targeted service.

This floods the bandwidth and resources of the system to a point where genuine connections from users cannot get through. This makes the service appear to be down.

DDoS attacks can exceed bandwidths of 1 Tbps, and involve a large network of Internet-connected devices that have been hjacked by criminals. These individuals or groups then direct the computers to send large amounts of data traffic to their target, or sell their services to others who execute DDoS attacks.

Such attacks can take place against any Internet service including email services like Runbox, and often include demands to pay a ransom for the attacks to stop.

If Runbox is attacked how can I get information?

In the event Runbox appears to be unavailable we will use the following websites for status updates and points of contact:

- Our status page at http://status.runbox.com
- Our Twitter page at https://twitter.com/Runbox
- Our Support Center at https://support.runbox.com

We appreciate that this message might be confusing or alarming, and that you may have questions that are not answered by the above.

You may then reply to this email, but keep in mind that we will be receiving numerous requests and our main concern is to ensure that our services remain accessible.

Know that we are already working with experts on mitigation and prevention of such attacks, and that our services will soon normalize.

Best regards,

The Runbox Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20211025/1d9f700f/attachment-0001.htm>

More information about the mailmate mailing list