UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies
One firm hit with at least two attacks as outages continue
Two UK VoIP operators have had their services disrupted over the last couple of days by ongoing, aggressive DDoS attacks.
South Coast-based Voip Unlimited has confirmed it has been slapped with a "colossal ransom demand" after being hit by a sustained and large-scale DDoS attack it believes originated from the Russian cybercriminal gang REvil.
This morning, it confirmed that "services are operational ... however the attacks are still ongoing."
Separately, London-based Voipfone (see status page here) said it is still suffering outages on voice, inbound and outbound calls, and SMS services. It told customers on Tuesday in a status update that it had been hit by "a further DDoS attack" after the initial attack, revealed to customers via email as having taken place over the Monday bank holiday.
At this stage it's not clear if any other UK Internet Telephony Service Providers (ITSP) have been affected. However, UK Comms Council – the industry body that represents ITSPs – has informed members of the industry group about the attacks and issued a reminder to adopt "appropriate DDoS mitigation strategies."
Mark Pillow, MD of Voip Unlimited, told us the company takes "full responsibility of the availability of our services to our clients" and that he is "extremely sorry for all inconvenience caused."
In a statement, he explained: "At 2pm 31st August, Voip Unlimited's network was the victim of an alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand."
As a result of the attack some of VoIP Unlimited's network experienced "intermittent or total loss of internet connectivity services" although customers using its Voip Unlimited Ethernet and Broadband services are understood to have remained largely unaffected.
- Dissected: A dropper-as-a-service miscreants pay to push their malware onto potentially 1,000s of victims
- In Microsoft's world, cloud email still often requires on-premises Exchange. Why?
- Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit
- Blackbaud – firm that paid off crooks after 2020 ransomware attack – fails to get California privacy law claim dropped
Pillow went on to say the incident was not isolated and that other companies had also been hit.
"UK Comms Council have communicated to us that other UK SIP (Session Initiation Protocol) providers are affected and identified them as a criminal hacking organisation called REvil who appear to be undertaking planned and organised DDoS attacks against VoIP companies in the UK," he said.
The full extent of the attack is not yet known, but in an email sent by Voipfone on Tuesday and seen by El Reg the company told customers that its services had been "intermittently disrupted by a DDoS attack" over the Bank Holiday weekend that flooded its network with bogus traffic from tens of thousands compromised devices.
Although it had managed to regain some control - biz broadband services are again live after the problem was resolved late yesterday afternoon - it did warn that the attack may return at some point. The status page is here.
Sources close to Voipfone told us that they "do believe it is the same attack as the other VoIP provider" but went on to add that they have nothing official to say at the moment other than they are working to resolve the issue as quickly as possible.
It goes without saying that customers have become increasingly frustrated at being unable to access key digital communications services following a return to work after the August Bank Holiday weekend.
In a statement, chair of Comms Council UK Eli Katz told us: "Comms Council UK is aware of the Denial of Service attacks currently targeting IP-based communications service providers in the UK and that a small number of our members have been impacted. We have communicated the issue to our membership and are continuing to liaise closely with them to share further information and support as the situation develops."
UK law enforcement agencies have been informed of the attack. ®