Threat Management, Incident Response, TDR

Basecamp becomes latest victim of extortion-based DDoS attack

Basecamp is on high alert.

The provider of web and app-based project management tools has become the latest victim of an extortion-based distributed denial-of-service (DDoS) attack, the company said in a notification posted to Github on Monday.

“Note that this attack targets the network link between our servers and the internet,” according to the notification. “All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed.”

The attack peaked at 20 gigabytes per second and caused apps to be slow and unresponsive. It had mostly subsided as of Monday afternoon, but Basecamp warned users that a denial-of-service could begin again at any moment.

The attackers are thought to be the same group responsible for carrying out other recent extortion-based DDoS attacks – notably, Meetup and Hootsuite were hit earlier this month – because the attack came with a similar blackmail attempt.

An investigation is ongoing with law enforcement and, in order to catch the responsible party, Basecamp has joined forces with the victims of similar attacks, according to the notification, which adds that the blackmail came from an address matching this pattern, “dari***”

“The only thing we're certain of is that, like Meetup, we will never negotiate [with] criminals, and we will not succumb to blackmail,” according to the notification. “That would only set us up as an easy target for future attacks.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.