It looks like hackers have hit Basecamp with a distributed denial-of-service (DDoS) attack and are demanding that the company pay a ransom.
Attacks like this flood a website with traffic so that legitimate users can't access it.
This is not a new tactic. Hackers have been holding companies hostage like this since the ‘90s. Earlier this month, Meetup.com was shut down after the company refused to pay a ransom of only $300.
It’s not clear how much money the people responsible for the attack against Basecamp — which offers project management software along with the group chat program Campfire — are asking for. Here is the official word from Basecamp, via GitHub:
This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault … There is unfortunately no single, quick fix to these attacks, so we regretfully ask for your patience in advance. As said, we're doing everything we can, and will work as quickly as possible, but it's impossible to give a clear timeline for ultimate resolution.The only thing we're certain of of is that, like Meetup, we will never negotiate by criminals, and we will not succumb to blackmail. That would only set us up as an easy target for future attacks.
The attack does not seem to have affected all users and, at 11:56 a.m. EST, the company claimed that it was "back in business for 95 percent of all customers."