Proton

As few weeks back, we sent a notice to the Proton community regarding the DDoS attacks that we have been facing. Today we would like to provide a brief update of the situation.

  • Starting on June 27th, Proton Mail started to be hit by sustained DDoS attacks.
  • The attack campaign continues to this day, but there has been little to no user impact.
  • Thus far the attacks have included:
    • Rapidly morphing DDoS attacks with the combination of SYN floods, TCP handshake violations (first packets are not SYNs), IPv4 TCP SYN floods, TCP Zero Sequence, ACK Floods, NTP nonstandard port floods, and reflection attacks on SSDP, NTP, Chargen, LDAP and Memcache protocols.
    • Pulsed/Burst DDoS attacks, with multiple attack vectors and rapid changes within minutes.
    • Attacks up to 25Gbs in volume. This attack was largely challenging to handle because of its complexity, not the size/volume. No unknown attack vectors were used, but they were rapidly changing, and hence the complexity.

Since November 2015, Proton Mail has been protected by Radware’s Cloud DDoS Protection Services, and in this instance, Radware was able to successfully mitigate nearly all of these attacks. However, due to the nature of the ferocity and attack ingenuity, some of the attacks were only partially mitigated and briefly resulted in some service outages at the outset of the campaign.

In order to improve mitigation performance, Radware immediately upgraded their scrubbing centers and processes to provide better protection against rapidly changing attacks. As a result, attack mitigation through the upgraded Radware scrubbing center has been successful in the past couple weeks.

After the upgrade, we have found that Radware’s technology actually works well against rapidly evolving attacks, and the automatic mitigation capabilities are essential for reducing the response times when coming under attack frequently. We also deeply appreciate the support that we have received from the team at Radware, and the fact that they made defending Proton Mail a priority. Going forward, we plan to utilize a multi-layered DDoS defense strategy and will continue to partner with Radware on the first line of defense.

We appreciate your patience through these attacks and look forward continuing to provide you with secure and private email services.

Related articles

The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.
A graphic interpretation of a block of how many gigabytes in a terabyte
Learn how many GB are in a TB and discover the best way to securely store and share your files — no matter their size.
The cover image for a Proton blog, showing a phone screen with a lock logo and three password fields surrounding the phone
Here's what to look for when choosing an enterprise password manager to streamline collaboration and protect your organization's sensitive data.
  • Privacy guides
Learn how to unsend an email, how it’s useful for personal or business emails, and how Proton Mail can help.
Proton Mail and Proton Calendar winter product roadmap
  • Product updates
  • Proton Calendar
  • Proton Mail
Preview upcoming updates to Proton Mail and Proton Calendar, including performance boosts, new features, and enhanced privacy tools.
Gantt chart displaying Proton Drive plans and development of new features
Discover the tools, features, and improvements coming to Proton Drive’s secure cloud storage and document editor this winter and spring.