Quebec-based telephony service provider VoIP.ms is facing an aggressive distributed denial of service (DDoS) cyberattack, causing a disruption in phone calls and services. The incident started around September 16 and has put the VoIP provider’s systems, websites and operations to the test.
VoIP.ms serves more than 80,000 customers in 125 countries, many of whom now face problems with voice calls.
Voice calls and services interrupted by a DDoS attack
Last week, Canadian voice-over-IP service provider VoIP.ms announced that it had noticed a problem preventing customers from accessing its website and was working to find a solution. Fast forward to today: the problem continues and has been attributed to a persistent DDoS attack.
DDoS is a form of cyberattack in which an attacker simultaneously activates multiple computers or “bots” to make a large number of requests to an Internet server beyond the server’s capacity. As such, an Internet server, when faced with a sophisticated DDoS attack, can deliver degraded performance to clients or completely crash. VoIP is a set of technologies that enable telephone calls through servers connected to the Internet, which, like any Internet service, makes them vulnerable to DDoS attacks.
To this day, VoIP.ms is still fighting the cyberattack:
All of our resources are still working to stabilize our website and voice servers due to ongoing DDoS attacks. We understand the importance of the impact on our clients’ operations and we want to assure you that all of our efforts are being dedicated to recovering our service.
– VoIP.ms (@voipms) September 22, 2021
As seen by Ars, the VoIP.ms website now requires visitors to solve CAPTCHAs before letting them in. Prior to this, the website was throwing HTTP 500 (service not available) errors on occasion.
Once inside, the website says: “A distributed denial of service (DDoS) attack continues to be directed at our websites and POP servers. Our team is making continuous efforts to stop this, however, the service is being intermittently affected.”
Threat actors demand more than $4.2 million in extortion attack
The tweets exchanged between VoIP.ms and the threat actors provide interesting information. The threat actors behind the DDoS attack go by the name “REvil”, but it cannot be established with authority whether they represent the same REvil ransomware gang that is known to have previously attacked prominent companies, including the world’s largest meat processor, JBS.
Furthermore, based on the multiple demands for bitcoins that the threat actor has made of VoIP.ms, this incident has been labeled an extortion attack.
“This is possibly a cyber extortion campaign. They reduce services through DDoS and then demand money. I don’t know if the DDoS attack and the ransom demand are from the same idiots,” indicated Twitter user PremoWeb, pointing to a Pastebin note that has now been removed. The deleted note retrieved by Ars shows that the attackers’ initial request was for 1 Bitcoin, or just over $42,000.
But, two days later, the demand increased to 100 Bitcoins, or more than $4.2 million:
“Ok enough communication … The price for us to stop now is 100 Bitcoin at pastebin BTC address. I’m sure your clients will appreciate your 0 [expletive] attitude given in multiple trials,” reads the tweet signed “REvil”.
Earlier this month, UK-based telecom VoIP Unlimited suffered a similar DDoS attack, suspected of originating from “REvil”. However, the threat actors behind these attacks are likely different from the REvil ransomware operator.
“REvil is not known for its DDoS attacks or for publicly demanding ransoms, as was done in the VoIP.ms attack,” explains Lawrence Abrams of the news site BleepingComputer. “The extortion method of this attack leads us to believe that the threat actors are simply posing as the ransomware operation to further intimidate VoIP.ms.”
VoIP.ms clients can monitor the Twitter feed for updates on the situation.