IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Basecamp hit by DDoS extortion attempt

Project management SaaS tool held to ransom by cyber criminals

Cyber crime posted within binary code

Online project management and collaboration service Basecamp has been the victim of an extortion attempt that resulted in a service outage.

Hackers aimed a 20Gbps flood of data at the firm's servers, which resulted in the service going offline for a few hours before it managed to get back online.

The attack started at 8.46am US Central Time and came after the company refused to pay an unspecified ransom in order to avoid the attack, which prevented legitimate traffic from passing through.

"We've learned that the very same criminals currently attacking and trying to extort us hit others just last week," Basecamp noted in a blog post.

"We're comparing notes with everyone affected who have been in touch. The blackmail came from an address matching this pattern: dari***@gmail.com. If you have been extorted by this person, please get in contact so we can compare notes on both technical defenses and the law enforcement effort to hunt them down."

According to the blog post, the onslaught came weeks after a similar DDoS attack hit the servers of Meetup, which took a whole weekend for that firm to deal with.

"There's no guarantee it will not resume. Other victims have told us about how the attacker would take a break, and then try again later with a different method. Hopefully that will not be the case, but we remain on the highest alert for now," Basecamp added.

Daniel Korel, security analyst at IT security firm DOSarrest Internet Security, said that such attacks are fairly easy for someone with relatively little knowledge and malicious intent to carry out.

"With the anonymity of the internet to hide behind, it can be an attractive proposition for an attacker to attempt to extort a high-traffic websites such as Meetup and Basecamp for money," he said.

Russ Spitler, vice president of product strategy at AlienVault, added that DDoS was a rather unsophisticated attack and "unfortunately these days the easy access to distributed botnets or amplification techniques make large scale attacks feasible for rather insignificant attackers."

"I applaud the fact that Basecamp refused to negotiate with these attackers - just like kidnapping we won't see the end of this type of exploitation disappear until we have a consistent 'no-negotiation' policy across the internet," said Spitler.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

What is metaverse security?
Security

What is metaverse security?

9 Jun 2022
What is Amazon S3?
Amazon S3

What is Amazon S3?

16 May 2022
EDB unveils world-first openly governed Kubernetes Postgres operator
Cloud

EDB unveils world-first openly governed Kubernetes Postgres operator

13 May 2022
How the cloud primed Markerstudy for an M&A spree
Cloud

How the cloud primed Markerstudy for an M&A spree

9 May 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022