Editor’s Note: This story has been updated to reflect new information.
Switzerland-based ProtonMail, a provider of end-to-end encrypted e-mail, said it paid a ransom of almost $6,000 to stop highly disruptive distributed denial-of-service attacks that knocked out its networks and networks of some of its upstream providers.
Officials said in a blog that they paid 15 bitcoins, which is about $5,850, to the perpetrators so they would stop the attack. However, the attacks continued, though they later subsided, at least temporarily.
The service had been offline for more than 24 hours, but ProtonMail’s decision to pay the ransom has been criticized as encouraging similar attacks. ProtonMail officials responded:
We hoped that by paying, we could spare the other companies impacted by the attack against us, but the attacks continued nevertheless. Attacks against infrastructure continued throughout the evening and in order to keep other customers online, our ISP was forced to stop announcing our IP range, effectively taking us offline. The attack disrupted traffic across the ISP’s entire network and got so serious that the criminals who extorted us previously even found it necessary to write us to deny responsibility for the second attack.
The Swiss startup was given $2 million in funding earlier this year to bring its service to a larger scale. About 10,000 backers raised over $550,000 in a crowdfunding campaign, and 500,000 beta sign ups have been invited. ProtonMail hopes its email service will guard against mass surveillance systems.
Such a goal could be at odds with powerful entities such as the United States and United Kingdom governments. Awareness of the issue increased after NSA whistleblower Edward Snowden disclosed the extent of surveillance employed by both governments, as well as their attempts at circumventing encryption.
The connection between those political forces and the attacks are unclear, but recently the UK government has pushed for legislation that will require companies like ProtonMail to be able to decrypt e-mails under warrant.