Moonfruit takes customers’ sites offline, as it prepares for DDoS attack

A UK company which helps consumers and small businesses create websites and online stores has taken itself and its customers’ sites offline, after receiving threats about an imminent internet attack.

Moonfruit says thousands of customer sites will be offline for “up to 12 hours” as it makes changes to its infrastructure.

Moonfruit’s problems began on Thursday last week, when it suffered a 45-minute distributed denial-of-service (DDoS) attack.

In an email to customers on Friday, Moonfruit explained that the notorious Armada Collective gang were attempting to extort money out of the company:

We’re getting in touch to ask for your support in defending us from a malicious and illegal attack that we’re facing. You may have noticed some brief downtime on Thursday afternoon (10/12/2015). This was caused by an organisation who call themselves the Armada Collective. This group carried out a DDoS attack on our servers for approximately 45 minutes. At the time of this attack, they contacted us to demand we pay them a large sum of money. They stated they would resume their attack on Monday should they not receive payment before then. Having investigated the group it is very clear that even if we were to pay them (something we would never consider) the attacks would not cease. In fact, whenever anyone has given in and paid them, the attacks get worse and the demands increase.

The Armada Collective has hit the headlines in recent weeks after attacking the websites of webmail companies including ProtonMail, RunBox, Hushmail and Neomailbox, as well as a number of Greek banks.

In an update posted on its blog and Facebook today, Moonfruit explained that it was making “significant infrastructure changes” to withstand further DDoS attacks.

[Image: Moonfruit Facebook post]

Obviously it’s unfortunate news – particularly for small businesses who might be reliant upon Moonfruit’s services to run their online stores in the run-up to Christmas. And it’s no surprise to see some Moonfruit customers complaining about the downtime and the disruption it is going to cause them.

However, let’s not forget that Moonfruit is a victim too – of, by internet standards, a particularly unpleasant criminal act.

Yes, it would have been better if Moonfruit had had sufficient DDoS mitigation systems in place before the Armada Collective targeted them for extortion, but they are at least joining a growing number of companies who are refusing to cave in to the blackmailers.

Although nobody is going to be happy if their website is down, we should applaud the courage of those businesses who are brave enough to stand up to extortionists. And, judging by the responses to its Facebook post, some of Moonfruit’s customers agree.

[Image: Support for Moonfruit]

With the Moonfruit website currently inaccessible, I would advise customers to follow the company’s Twitter feed (@moonfruit) for the latest updates.

Author Graham Cluley, We Live Security

Copyright © 2016 ESET, All Rights Reserved.