Cyber Incident Victim: Voip Unlimited
Date:
Aug 2021
Location:
United Kingdom
Summary
A UK VoIP provider and another operator suffered sustained DDoS attacks linked to the REvil cybercriminal gang, accompanied by a substantial ransom demand. The attacks caused intermittent or total loss of connectivity for some services, disrupting voice calls and SMS capabilities, while broadband services remained largely unaffected. The incidents occurred over a bank holiday weekend and continued intermittently, leading to customer frustration post-holiday. The UK Comms Council alerted members about coordinated attacks targeting multiple SIP providers, characterizing them as organized criminal activity. Law enforcement was notified, and mitigation efforts were ongoing, though the attackers' persistence posed continued risks to service stability.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On August 31, 2021, at 2pm, UK-based VoIP provider Voip Unlimited suffered a sustained, large-scale distributed denial-of-service (DDoS) attack attributed to the Russian cybercriminal group REvil. The attack triggered intermittent or total loss of internet connectivity services for customers, though Voip Unlimited's Ethernet and Broadband services remained largely unaffected. A "colossal ransom demand" accompanied the attack, which the company described as sophisticated and alarmingly large. Simultaneously, London-based competitor Voipfone experienced service disruptions beginning during the August Bank Holiday weekend (August 28-30), with ongoing outages affecting voice calls, SMS, and inbound/outbound services as of September 2. Voipfone restored broadband services by late afternoon on August 31 but warned customers about potential renewed attacks. Both companies confirmed the attacks were ongoing despite partial service restoration, with Voip Unlimited reporting operational services under continued assault as of September 2.
The UK Comms Council notified members about coordinated DDoS attacks targeting multiple UK internet telephony providers, specifically naming REvil as the perpetrator organization. Industry sources indicated the attacks against both companies were likely connected. Voip Unlimited's managing director publicly accepted responsibility for service availability and apologized for disruptions impacting customers returning from the holiday weekend. Law enforcement agencies were formally notified of the incidents. Comms Council UK chair Eli Katz confirmed a "small number" of members were affected and emphasized ongoing information sharing among providers. Neither company disclosed technical details of mitigation efforts beyond Voipfone's temporary broadband restoration, though the industry body reiterated recommendations for DDoS protection strategies. Service disruptions caused significant customer frustration due to impaired business communications during peak post-holiday operational periods.