On Monday, Cloak, a VPN provider based in the US, received a ransom demand that threatened to affect their servers should they not comply.
A criminal group requested that Cloak hand over 10 bitcoins, which roughly equates to £3081 or $4427 at today’s conversion rates, or face the possibility of a distributed denial of service (DDOS) attack.
Cloak have chosen to ignore the demand and, two days later, published a blog post explaining the situation. They made it clear that they will not comply with any such demands and are prepared to weather the storm.
Whether any DDOS attack takes place as a result of their refusal to cough up remains to be seen, but they won’t be the first company targeted by such bullying tactics.
Criminal groups, usually located in former Soviet bloc countries or Russia where technical expertise is commonplace, often try to extort relatively small amounts of money from small start-up companies in the hope that, due to lesser resources, they’re more likely to comply.
Small companies often cannot afford to employ DDOS protection, especially at the scale the attackers may be capable of. In a catch-22 situation, large-scale DDOS protection can end up costing more than the actual ransom demands.
Cloak rightly referred to the request as “extortion attempts” and highlighted that they “will not pay these criminals under any circumstances”.
In their recent blog post, Cloak claim they have dealt with traffic spikes in the past but don’t mention what caused these spikes. VPN providers often see a rash of sign-ups when big sporting events take place, such as the coming Olympic Games, but even such a traffic increase is unlikely to mimic a powerful DDOS attack.
The Cloak position is clear, and customers have been warned that as of the ransom expiration date, the 25th April, they may experience some disruption to the service. How bad the disruption will be and how long it will last remains to be seen, and there is a possibility that the demand was simply a fishing expedition without any follow-up.
Cloak certainly aren’t the first company to receive ransom demands in relation to DDOS attacks. Targets often include large gambling sites in the run-up to big sporting events. However, as Cloak is a relatively small company in the privacy industry, the promised attack could have a severe knock-on effect on their customer base.
While many customers will be initially sympathetic to the situation, there will only be a finite amount of time before users look to other VPN providers if their privacy needs are not being met for days or possibly weeks on end.
Cloak is an independent VPN provider based in Seattle, United States, and concentrates on the Apple market.
Launched in 2011, they currently only supply apps and software for Mac and iOS devices.