Telephone calls are interrupted by ongoing DDoS cyber assault on


Quebec-based telephone service provider is facing an aggressive DDoS (Distributed Denial of Service) cyber attack, which is disrupting phone calls and services. The incident began around September 16 and put a strain on the systems, websites and operations of the VoIP provider. serves over 80,000 customers in 125 countries, many of whom are now having problems with voice calls.

Voice calls and services interrupted by DDoS attack

Last week, Canadian Voice over IP service provider announced that it became aware of an issue preventing customers from accessing its website and was working on a solution. Fast forward to today: the problem persists and has been attributed to an ongoing DDoS attack.

DDoS is a form of cyberattack in which several computers or “bots” are used simultaneously by an attacker to send a large number of requests to an Internet server that exceed the server’s capacity. As a result, if an Internet server is exposed to a sophisticated DDoS attack, customers may experience degraded performance or crash altogether. VoIP is a set of technologies that enable phone calls to be made through Internet-connected servers, which, like all Internet services, make them vulnerable to DDoS attacks.

To this day, is still fighting the cyber attack:

All of our resources are still working to stabilize our website and voice servers due to the ongoing DDoS attacks. We understand the importance of the impact it has on our customers’ operations and we want to assure you that all of our efforts are directed towards restoring our service.

– (@voipms) September 22, 2021

As Ars saw, the website now requires visitors to resolve captchas before being allowed in. Previously, the website occasionally threw HTTP 500 (service unavailable) errors. website asks for captcha.Enlarge / website asks for captcha.

Ax sharma

The website states: “A Distributed Denial of Service (DDoS) attack continues to be directed against our websites and POP servers. Our team is making continuous efforts to stop this although the service is intermittently affected.”


Threat actors are calling for over $ 4.2 million in extortion attacks

Tweets exchanged between and the threat actors provide interesting insights. The threat actors behind the DDoS attack are called “REvil”, but it is not conclusive whether they are the same REvil ransomware gang known to have previously attacked prominent companies, including the world’s largest Meat processor JBS.

In addition, this incident was referred to as a blackmail attack due to the multiple demands made by the threat actor on for Bitcoins.

“This is possibly a cyber extortion campaign. They bring down services through DDoS and then ask for money. I don’t know if the DDoS attack and the ransom note came from the same idiots, ”commented the Twitter user PremoWeb and pointed out a Pastebin note that it has now been removed. The remote note retrieved by Ars shows that the attackers’ first request for 1 bitcoin, or just over $ 42,000, was:

Pastebin note now removed, retrieved from Ars.Enlarge / Pastebin note now removed, retrieved from Ars.

Ax sharma

But two days later, the demand increased to 100 bitcoins, or over $ 4.2 million:

“Okay, enough communication … The price for us to stop doing this is now 100 bitcoin in the Pastebin BTC address. I’m sure your customers will appreciate your 0 [expletive] Attitude given in several legal proceedings “, it says in the tweet signed” REvil “.

Attackers increased the demand from 1 BTC to 100 BTC.Enlarge / Attackers increased the demand from 1 BTC to 100 BTC.

Earlier this month, the British Telecom VoIP Unlimited was hit with a similar DDoS attack, which is believed to have originated from “REvil”. However, the threat actors behind these attacks are likely to be different from the REvil ransomware operator.

“REvil is not known for DDoS attacks or public ransom demands, as is the case with the attack,” explains Lawrence Abrams of the BleepingComputer news site. “The extortion method used in this attack leads us to believe that the attackers are simply mimicking the ransomware operation to further intimidate” customers can monitor the company’s Twitter feed for updated information on the situation.