After refusing to pay ransom, Basecamp hit with DDoS

Basecamp, a project management application, is the latest victim of an extortion scheme that promises DDoS attacks unless a ransom is paid. The service was down for several hours on Monday as attackers slammed the network with malicious packets.

“This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault,” Basecamp’s David Heinemeier Hansson said in a status update on GitHub.

“The only thing we’re certain of is that, like Meetup, we will never negotiate by criminals, and we will not succumb to blackmail. That would only set us up as an easy target for future attacks,” Hansson said.

According to law enforcement, Meetup and Basecamp are just two of the victims who were blackmailed, Fotolia, GitHub, and many others were also targeted by the same person / people.

“We’ve pooled our law enforcement efforts with the other victims now, and are working with the same agent on the case. While tracking down these criminals is notoriously hard, we’ll do our very best to bring them to justice,” Hansson added.

By mid-morning on Monday, service had been restored to 95 percent of the network, but Hansson explained that there was no guarantee that the attacks wouldn’t resume. At peak, the DDoS reached 20 Gpbs, low on the scale of other attacks, but enough to force the service to shutdown.

“Other victims have told us about how the attacker would take a break, and then try again later with a different method. Hopefully that will not be the case, but we remain on the highest alert for now.”

The company has promised a full incident report within 48-hours, assuming the attacks do not resume.