Basecamp hit by DDoS extortion attempt


Online project management and collaboration service Basecamp has been the victim of an extortion attempt that resulted in a service outage.

Hackers aimed a 20Gbps flood of data at the firm's servers, which resulted in the service going offline for a few hours before it managed to get back online.

The attack started at 8.46am US Central Time, after the company refused to pay an unspecified ransom to avoid it. The flood prevented legitimate traffic from passing through.

"We've learned that the very same criminals currently attacking and trying to extort us hit others just last week," Basecamp noted in a blog post.

"We're comparing notes with everyone affected who have been in touch. The blackmail came from an address matching this pattern: dari***@gmail.com. If you have been extorted by this person, please get in contact so we can compare notes on both technical defenses and the law enforcement effort to hunt them down."

According to the blog post, the onslaught came weeks after a similar DDoS attack hit the servers of Meetup, which took a whole weekend for that firm to deal with.

"There's no guarantee it will not resume. Other victims have told us about how the attacker would take a break, and then try again later with a different method. Hopefully that will not be the case, but we remain on the highest alert for now," Basecamp added.

Daniel Korel, security analyst at IT security firm DOSarrest Internet Security, said that such attacks are fairly easy for someone with relatively little knowledge and malicious intent to carry out.

"With the anonymity of the internet to hide behind, it can be an attractive proposition for an attacker to attempt to extort high-traffic websites such as Meetup and Basecamp for money," he said.

Russ Spitler, vice president of product strategy at AlienVault, added that DDoS was a rather unsophisticated attack and "unfortunately these days the easy access to distributed botnets or amplification techniques make large scale attacks feasible for rather insignificant attackers."

"I applaud the fact that Basecamp refused to negotiate with these attackers - just like kidnapping we won't see the end of this type of exploitation disappear until we have a consistent 'no-negotiation' policy across the internet," said Spitler.

Rene Millman

