REvil ransomware attack forced hoster to disable client sites

Written by Emma Davis

Earlier this week, a major web hosting solution provider suffered a REvil ransomware attack. The company was forced to shut down all of its servers, and even client sites were affected by the incident.

According to ZDNet, the attack took place on November 16, 2020, and on the same day, the company’s specialists decided to disable all their systems, including those that support user sites, to protect the “integrity of customer data.”

At first, it was reported that the ransomware had managed to encrypt only a few sites, which were immediately isolated and disabled. Later, the company warned that the attack had affected the entire hosting infrastructure, including managed WordPress hosting solutions and DotNetNuke, mail servers, DNS servers, RDP endpoints, FTP servers and databases.

Currently, restoration work is underway, and the company is conducting an investigation of the incident, together with law enforcement agencies.

“Upon further investigation and out of an abundance of caution, we took down our entire system to ensure further customer sites were not compromised. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity,” reads the official message.

Journalists note that at first the company tried to pass off this attack as unscheduled technical work, but its representatives rather quickly realized their mistake and reported the real state of affairs.

Now worried clients of the hosting company write on the company’s forums that their sites may be unavailable for days or even weeks. People cite a similar incident that affected A2 Hosting in May 2019. Back then, it took the company over a month to get back to normal functioning, and many customers had to wait for their sites and site data to be restored.

According to Bleeping Computer, which cites its own sources in the information security community, the operators of the REvil ransomware are responsible for this attack. According to a screenshot obtained by the publication, REvil is demanding a ransom of $500,000 from the affected company.

However, it is still unclear whether the hackers managed to steal any data from the company before encrypting the files.

REvil is a Ransomware-as-a-Service operation that began infecting victims in April 2019 and has since grown to become one of the largest ransomware operations currently active.

In a recent interview, the public-facing representative of REvil claimed that the ransomware operation earns over $100 million a year in extortion payments.
