In the early hours of Monday morning, Managed.com – a major provider of managed web hosting solutions – discovered it was the victim of a co-ordinated ransomware attack that encrypted not only its own systems but also the websites of customers.
Within hours the company had decided to take down its entire infrastructure. That has the advantage that the ransomware can do no more damage to the websites and databases of customers, but the colossal drawback that those same websites are no longer accessible.
As you can probably imagine, customers – some of whom seem not to be aware that their web hosting provider has suffered a severe ransomware attack – are less than happy to find their websites are no longer online.
With luck, the technical team at Managed.com will be able to restore systems and secure them against reinfection, although it’s unclear how many days or weeks it may take them to recover their customers’ websites – time that no online business can afford to spend without an online presence.
But even if Managed.com does recover its systems, that isn’t necessarily the end of the problem. It is becoming increasingly common for ransomware attacks to not just be about encrypting files, but also exfiltrating sensitive data and threatening to publish it or sell it on to other cybercriminals if a ransom is not paid.
According to Bleeping Computer, the REvil ransomware gang is currently demanding US $500,000 from Managed.com for a decryption tool.