Quebec-based supplier of telephony companies VoIP.ms is going through an aggressive Distributed Denial of Service (DDoS) cyber assault, inflicting a disruption in cellphone calls and companies. The incident started round September 16 and has put a pressure on the VoIP supplier’s techniques, web sites, and operations.
VoIP.ms serves over 80,000 prospects throughout 125 nations, a lot of whom at the moment are going through points with voice calls.
Voice calls and companies disrupted by DDoS assault
Final week, Canadian voice-over-IP service supplier VoIP.ms announced that it turned conscious of a problem that was stopping prospects from accessing its web site and was working towards an answer. Quick-forward to in the present day: the difficulty is ongoing and has been attributed to a persistent DDoS assault.
DDoS is a type of cyber assault wherein a number of computer systems, or “bots,” are concurrently engaged by an attacker to make a lot of requests to an Web server past the server’s capability. As such, an Web server, when going through a complicated DDoS assault, could supply degraded efficiency to prospects, or crash altogether. VoIP is a set of applied sciences that make phone calls attainable through Web-connected servers, which, like every Web service, makes them susceptible to DDoS assaults.
As of in the present day, VoIP.ms continues to be battling the cyber assault:
All our sources are nonetheless working at stabilizing our web site and voice servers because of the ongoing DDoS assaults. We perceive the importance of the affect on our shoppers’ operations and wish to reassure you that each one of our efforts are being put into recovering our service.
— VoIP.ms (@voipms) September 22, 2021
As seen by Ars, the VoIP.ms web site is now requiring guests to resolve captchas earlier than letting them in. Previous to this, the web site was throwing HTTP 500 (service unavailable) errors now and again.
As soon as in, the web site states: “a Distributed Denial of Service (DDoS) assault continues to be focused at our Web sites and POP servers. Our group is deploying steady efforts to cease this nonetheless the service is being intermittently affected.”
Risk actors demand over $4.2 million in extortion assault
Tweets exchanged between VoIP.ms and the menace actors present fascinating insights. The menace actors behind the DDoS assault go by the title “REvil,” however it can’t be authoritatively established in the event that they symbolize the identical REvil ransomware gang that’s recognized to have beforehand attacked outstanding firms, together with the world’s largest meat processor, JBS.
Additional, primarily based on the a number of calls for made by the menace actor to VoIP.ms for bitcoins, this incident has been labeled an extortion assault.
“That is presumably a cyber extortion marketing campaign. They carry down companies through DDoS after which demand cash. Do not know if the DDoS assault and the ransom demand are from the identical idiots,” noted Twitter consumer PremoWeb, pointing to a Pastebin observe that has now been eliminated. The eliminated observe retrieved by Ars reveals the attackers’ preliminary ask was for 1 Bitcoin, or a bit of over US$42,000:
However, two days later, the demand was upped to 100 Bitcoins, or over US$4.2 million:
“Okay, sufficient communication… The value for us to cease is now 100 Bitcoin into the pastebin BTC deal with. I’m certain your prospects will respect your 0 [expletive] given angle in a number of regulation fits,” learn the tweet signed “REvil.”
Earlier this month, UK-based telecom VoIP Limitless was slapped with an identical DDoS assault, suspected to originate from “REvil.” Nonetheless, menace actors behind these assaults are seemingly completely different from the REvil ransomware operator.
“REvil just isn’t recognized for DDoS assaults or publicly demanding ransoms, in a way finished within the VoIP.ms assault,” explains Lawrence Abrams of stories web site BleepingComputer. “This assault’s methodology of extortion makes us imagine that the menace actors are merely impersonating the ransomware operation to intimidate VoIP.ms additional.”
VoIP.ms prospects can monitor the corporate’s Twitter feed for updates on the scenario.