On September 16th, VoIP provider, VoIP.ms, began dealing with a ransom DDoS (Distributed Denial of Service) attack. It took down almost all their services and portals, leaving the majority of their customers without phone services. The threat actors targeted both DNS name servers and direct IP addresses. Within the first couple days, REvil took ownership and demanded payment. Before the 16th, multiple other VoIP providers in the UK had also been attacked.

Because of this, Bill reached out to our VoIP partner on September 23rd, bringing up his concern that a similar attack would occur again and impact our team and clients. A mere two days later, his prediction came true. Bandwidth.com, one of the main telephone providers for US VoIP companies, was attacked by REvil, the same group that hit VoIP.ms, Kaseya and BMS this year. The impact trickled down to many major VoIP providers for businesses like ours. One of our clients was noticeably impacted, but Bill kept all of our clients with the VoIP partner's system updated just in case. Issues revolved around inbound calls to auto attendants, outbound calls and dropped calls. Around end of business yesterday (September 28th), things thankfully started to slow down after a rough start to the week.

So, even though the problem didn’t impact our company’s clients too much, and is largely resolved, why should we still care? Because VoIP services are reliant on the Internet, servers and endpoints must be publicly accessible. Therefore, they are a prime DDoS target. With ease, the hackers are simply jumping from one carrier to the next, resulting in people running into hurdle after hurdle. How did we get out of this mainly unscathed? One, not all of our clients use the same VoIP provider. Two, we have not switched carriers, avoiding getting attacked twice. Three, our team uses separate systems for calling and texting. Therefore, even if our phones were to go down, we’d still have both text and email to communicate with our clients and address tickets. Of course, this separation does not mean you’re bullet proof, but at least it isn’t a one-stop-shop attack. All in all, criminals are beginning to realize "attacking the non-web servers of the Internet’s global VoIP providers [is] a new revenue source for extortion demands.”

If you’re worried about being victim to a multi-day VoIP outage, contact us to create a plan or to discuss your options. To learn more about the VoIP services we provide, click here. You’d be making the proactive choice, because “we may be at the beginning of a new era of cryptocurrency-enabled DDoS-driven extortion.”

headshot, owner, president, author, partners plus, IT company, IT services, SSD, recommendationBill Hogan is the Owner and President of Partners Plus. He has 40 years of experience in the technology services industry, specifically small business IT support. Bill has spoken at seminars all over the country about network management and published his latest book in 2018. Partners Plus was selected by PHL17 as the best Computer and Information Technology Support Company in the greater Philadelphia area in 2018.