VoIP provider Voipfone UK KO again by DDoS attack
Customers of VoipfoneUK broadband internet provider and Voice-over-Internet-Protocol (VoIP) service expressed frustration after the provider was once again knocked out by a major distributed denial of service attack (DDoS) against their servers, which periodically affected both them and Unlimited Voip since last month.
DDoS attacks usually work by overloading a target server or end user with masses of data requests from multiple internet connected devices (often computers / botnets hijacked by malware etc.) which can cause the crash. target or significant performance issues until the bad traffic either stops or can be mitigated (easier said than done with large-scale assaults).
Unfortunately, DDoS attacks happen all the time against UK ISPs and are pretty much normal in this industry, but most can be mitigated and few are significant enough to disrupt the connectivity of many end users. However, recent extortion-based DDoS attacks against Voipfone and Voip Unlimited have caused significant disruption for carriers and their customers since their start in late September (here and here).
The latest incident started yesterday and quickly disrupted all of the operator’s VoIP, broadband, landline and other connectivity services (VoIPfone Status). “We apologize for the interruption of our services, we defend a DDoS attack based on extortion by foreign criminals“Voipfone said, vaguely referring to the ransomware gang (previously named REvil).”We are continuing to work on a fix for this issue.“, they added.
The situation naturally caused growing frustration among customers of both operators, as early sympathy for the situation was gradually eroded by the repetition of such events.
Example of customer complaint 1
âEverything starts againâ¦ Voipfone is down! For a day and a half :-(. When I called them today they said “We are under attack, but now we are on Cloudflare, we expect the outages to last no more than one hour while their algorithms determine malicious IP addresses It was 10 a.m. on Monday and now it’s 12:30 a.m. on Tuesday.
No work phone for me, that’s no deal so it’s no joke. Communication is poor and my confidence in VOIP is seriously damaged. I may need to port my VIOP number to a good old POTS service (I can’t wait and they lose my number).
Customer complaint example 2
âI thought you might be interested to know that Voipfone is undergoing another DDoS attack. It started yesterday.
This follows the September attacks. Very little information from the company which is disappointing.
This raises questions about the resources of small VoIP businesses to protect against such attacks.
We use Voipfone for residential and commercial service.
Industry sources have informed ISPreview.co.uk that the ransomware gang involved now appears to be using their attacks on Voipfone and Voip Unlimited as an example to threaten other VoIP providers with similar attacks, unless they agree to pay protection racketeering fees. Some operators have indicated that the requested fee is 10 Bitcoins per year, which is now worth around Â£ 452K.
We asked the Communications Council United Kingdom (formerly ITSPA), which represents the United Kingdom Unified communications and the VoIP phone industry, to comment on the situation and await their response. Ofcom and relevant parts of the security services (police) are supposed to be aware of the ongoing issues, although there is little the regulator can do to tackle the immediate problem.
In addition, we note that the Voip Unlimited website is also still down today, although their own Service status the page does not report any issues with their services.
UPDATE 9:55 a.m.
The Comms Council UK kindly responded.
Eli Katz, Chairman of the Comms Council UK, said:
âSeveral Comms Council UK members and international IP communications service providers have been subjected to Distributed Denial of Service (DDoS) attacks over the past four weeks, which appear to be part of a coordinated international campaign focused on extortion carried out by professional cybercriminals.
We are in close liaison with the UK government, the National Cyber ââSecurity Center, Ofcom and international agencies to share information and details on the nature of the attacks in the hope of ending this most criminal activity. quickly possible.
As our members provide telecommunications services to critical infrastructure organizations including the police, the NHS and other public services, attacks on our members are attacks on the foundations of UK infrastructure.
We are convinced that, through a joint government-led initiative, this damaging criminal activity can be stopped. “