ProtonBlog

A brief update regarding ongoing DDoS incidents

Share this page

As few weeks back, we sent a notice to the Proton community regarding the DDoS attacks that we have been facing. Today we would like to provide a brief update of the situation.

  • Starting on June 27th, Proton Mail started to be hit by sustained DDoS attacks.
  • The attack campaign continues to this day, but there has been little to no user impact.
  • Thus far the attacks have included:
    • Rapidly morphing DDoS attacks with the combination of SYN floods, TCP handshake violations (first packets are not SYNs), IPv4 TCP SYN floods, TCP Zero Sequence, ACK Floods, NTP nonstandard port floods, and reflection attacks on SSDP, NTP, Chargen, LDAP and Memcache protocols.
    • Pulsed/Burst DDoS attacks, with multiple attack vectors and rapid changes within minutes.
    • Attacks up to 25Gbs in volume. This attack was largely challenging to handle because of its complexity, not the size/volume. No unknown attack vectors were used, but they were rapidly changing, and hence the complexity.

Since November 2015, Proton Mail has been protected by Radware’s Cloud DDoS Protection Services, and in this instance, Radware was able to successfully mitigate nearly all of these attacks. However, due to the nature of the ferocity and attack ingenuity, some of the attacks were only partially mitigated and briefly resulted in some service outages at the outset of the campaign.

In order to improve mitigation performance, Radware immediately upgraded their scrubbing centers and processes to provide better protection against rapidly changing attacks. As a result, attack mitigation through the upgraded Radware scrubbing center has been successful in the past couple weeks.

After the upgrade, we have found that Radware’s technology actually works well against rapidly evolving attacks, and the automatic mitigation capabilities are essential for reducing the response times when coming under attack frequently. We also deeply appreciate the support that we have received from the team at Radware, and the fact that they made defending Proton Mail a priority. Going forward, we plan to utilize a multi-layered DDoS defense strategy and will continue to partner with Radware on the first line of defense.

We appreciate your patience through these attacks and look forward continuing to provide you with secure and private email services.

Protect your privacy with Proton
Create a free account

Share this page

Proton Team

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

In the public eye, Google presents itself as a champion of privacy. “Privacy is at the heart of everything we do,” its CEO said. But behind closed doors, Google is telling a different story to policymakers and actively fighting against privacy laws
The last thing you want when showing funny videos or holiday photos on your phone or tablet to friends and family is for them to see your sensitive and private photos. Although there are third-party apps dedicated to hiding your personal photos and
It can be slightly difficult to encrypt a zip file using the tools available on your Windows or Mac. Unlike encrypting a PDF or an Excel file, there’s no standardized software to use. You’ll need to rely on your device’s built-in encryption methods.
Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta