Moonfruit Responds to Extortionist By Nixing Own Services

Mon, 14th December 2015, 13:01

The UK based webhost and website building platform Moonfruit has responded to DDoS cyberattack extortionist threatening their services by taking their own site offline, along with thousands of its clients websites.  Moonfruit is a subscription based service that lets customers easily build drag and drop websites from existing templates.

Matt Casey, Director of Moonfruit, states that the company had been threatened with a second cyber-attack and had decided to make its customers' websites unavailable for "up to 12 hours" to make infrastructure changes:

As a result of the threatened attack on Moonfruit, we have taken the decision to make significant infrastructure changes which will offer us the best possible protection against these attacks both today and in the future. Unfortunately as a result of these changes, and your own sites will be offline from approximately 10 am (GMT) today and will remain offline for up to 12 hours.

We appreciate this is very short notice, but we hope you understand the unusual circumstances we are facing. We planned for every eventuality over the weekend, but the final decision to go ahead with these specific changes was made this morning.

We’re genuinely sorry for the disruption this will cause, and please do bear with us. We have been working with law enforcement agencies regarding this matter and have spared no time or expense in ensuring we complete the work as quickly as possible.

On Friday Moonfruit sent out an email to clients explaining the reason for some brief downtime the day prior and the motivation for the attack.

We’re getting in touch to ask for your support in defending us from a malicious and illegal attack that we’re facing. You may have noticed some brief down on Thursday afternoon (10/12/2015). This was caused by an organization who call themselves the Armada Collective. This group carried out a DDoS attack on our servers for approximately 45 minutes. At the time of this attack, they contacted us to demand we pay them a large sum of money. They stated they would resume their attack on Monday should they not receive payment before then. Having investigated the group it is very clear that even if we were to pay them (something we would never consider) the attacks would not cease. In fact, whenever anyone has given in and paid them, the attacks get worse and the demands increase.
Since receiving the threat we have been working tirelessly to put in place any and all protection possible. We’ve also expedited a number of projects that will offer us long term protection from future attacks. We’re confident that we can fend off these attackers, but we do need your help.

Moonfruit says it’s working on placing unbranded holding pages in place to visitors to site will be aware of why a site is not online. There is no risk to financial information, and customer information is protected from being accessed.

django, rails, and wordpress hostingHosting for developers