At least three UK VoIP providers have been hit by a DDoS attack, according to the Cloud Communications Alliance (CCA).
In an email sent this morning, CCA said it has learned of a “sophisticated, specific and ongoing attack”, believed to be from Russian cybercriminal organisation REvil.
Two providers revealed they were victims of the attack last week, but the third company was not named by CCA.
Poole-based Voip Unlimited said the attack on its core network started on 31 August and was continuous for 75 hours. An update from this firm this morning said it did not observe any further attacks over the weekend.
London-based Voipfone reported its attack at the same time and said this morning that its services are fully operational, with traffic being closely monitored.
Both firms saw their services disrupted over the three-day period.
CCA said that the culprits were demanding ransom, starting at 1 Bitcoin but quickly increasing.
The attack involves hammering a company’s network with traffic of between 100-450 gigabits per second, often for up to 24 hours on multiple occasions. It starts with an attack on IP addresses used for SIP ingress and egress but then migrates to other services.
CCA said the attack is capable of evading some typical DDoS prevention measures.
Voip Unlimited Managing Director, Mark Pillow, told The Register: “At 2pm 31st August, Voip Unlimited’s network was the victim of an alarmingly large and sophisticated DDoS attack attached to a colossal ransom demand.
“UK Comms Council have communicated to us that other UK SIP (Session Initiation Protocol) providers are affected and identified them as a criminal hacking organisation called REvil who appear to be undertaking planned and organised DDoS attacks against VoIP companies in the UK.”
