[BreachExchange] UK VoIP telco receives 'colossal ransom demand', reveals REvil cybercrooks suspected of 'organised' DDoS attacks on UK VoIP companies
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Thu Sep 2 09:05:55 EDT 2021
https://www.theregister.com/2021/09/02/uk_voip_telcos_revil_ransom/
Two UK VoIP operators have had their services disrupted over the last
couple of days by ongoing, aggressive DDoS attacks.
South Coast-based Voip Unlimited has confirmed it has been slapped with a
"colossal ransom demand" after being hit by a sustained and large-scale
DDoS attack it believes originated from the Russian cybercriminal gang
REvil.
This morning, it confirmed that "services are operational ... however the
attacks are still ongoing."
Separately, London-based Voipfone (see status page here) said it is still
suffering outages on voice, inbound and outbound calls, and SMS services.
It told customers on Tuesday in a status update that it had been hit by "a
further DDoS attack" after the initial attack - revealed to customers via
email as having taken place over "the bank holiday."
At this stage it's not clear if any other UK Internet Telephony Service
Providers (ITSP) have been affected. However, UK Comms Council – the
industry body that represents ITSPs – has informed members of the industry
group about the attacks and issued a reminder to adopt "appropriate DDoS
mitigation strategies."
Mark Pillow, MD of Voip Unlimited, told us the company takes "full
responsibility of the availability of our services to our clients" and that
he is "extremely sorry for all inconvenience caused."
In a statement, he explained: "At 2pm 31st August, Voip Unlimited's network
was the victim of an alarmingly large and sophisticated DDoS attack
attached to a colossal ransom demand."
As a result of the attack some of VoIP Unlimited's network experienced
"intermittent or total loss of internet connectivity services" although
customers using its Voip Unlimited Ethernet and Broadband services are
understood to have remained largely unaffected
Pillow went on to say the incident was not isolated and that other
companies had also been hit.
"UK Comms Council have communicated to us that other UK SIP (Session
Initiation Protocol) providers are affected and identified them as a
criminal hacking organisation called REvil who appear to be undertaking
planned and organised DDoS attacks against VoIP companies in the UK," he
said.
The full extent of the attack is not yet known, but in an email sent by
Voipfone on Tuesday and seen by El Reg the company told customers that its
services had been "intermittently disrupted by a DDoS attack" over the Bank
Holiday weekend that flooded its network with bogus traffic from tens of
thousands compromised devices.
Although it had managed to regain some control - biz broadband services are
again live after the problem was resolved late yesterday afternoon - it did
warn that the attack may return at some point. The status page is here.
Sources close to Voipfone told us that they "do believe it is the same
attack as the other VoIP provider" but went on to add that they have
nothing official to say at the moment other than they are working to
resolve the issue as quickly as possible.
It goes without saying that customers have become increasingly frustrated
at being unable to access key digital communications services following a
return to work after the August Bank Holiday weekend.
In a statement, chair of Comms Council UK Eli Katz told us: "Comms Council
UK is aware of the Denial of Service attacks currently targeting IP-based
communications service providers in the UK and that a small number of our
members have been impacted. We have communicated the issue to our
membership and are continuing to liaise closely with them to share further
information and support as the situation develops."
UK law enforcement agencies have been informed of the attack.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210902/1909706e/attachment.html>
More information about the BreachExchange
mailing list