Earlier this week, major web hosting solution provider Managed.com suffered from a ransomware attack called REvil. The company was forced to shut down all of its servers, and even client sites were affected by the incident.
According to ZDNet, the attack took place on November 16, 2020, and on the same day, the company’s specialists decided to disable all their systems, including those that support user sites, to protect the “integrity of customer data.”At first it was reported that the ransomware managed to encrypt only a few sites, which were immediately isolated and disabled, but later the company warned that the attack affected the entire hosting infrastructure, including managed WordPress hosting solutions and DotNetNuke, mail servers, DNS servers, RDP endpoints, FTP servers and databases.
Currently, restoration work is underway, and the company is conducting an investigation of the incident, together with law enforcement agencies.
Journalists note that at the beginning the company tried to pass off this attack as unscheduled technical work, but rather quickly the representatives of Managed.com realized their mistake and reported on the real state of affairs.
Now worried clients of the hosting company write on the company’s forums that their sites may be unavailable for days or even weeks. People cite a similar incident that affected A2 Hosting in May 2019. Back then, it took the company over a month to get back to normal functioning, and many customers had to wait for their sites and site data to be restored.
According to the Bleeping Computer, which cites its own sources in the information security community, the responsibility for this attack lies with the operators of the ransomware REvil. According to a screenshot obtained by the publication, REvil is demanding a ransom of $500,000 from the affected company.
However, it is still unclear whether the hackers managed to steal any data from the company before encrypting the files.
REvil is a Ransomware-as-a-Service that began infecting victims in April 2019 and has since grown to become one of the largest currently operating ransomwares.
In a recent interview with the public-facing representative of REvil, the ransomware operation claims to earn over $100 million a year in extortion payments.
