a2 hosting - looks like a potential ransomware attack
-
Anybody else have any sites hosted there? One of my clients has a site there and it's been down for a few days - trying to procure some sort of offsite backup to re-upload somewhere else. I suspected some sort of ransomware attack when I came across this article:
https://www.theregister.co.uk/2019/04/26/a2_hosting_outage/
At least one person in the comments mentions that he saw all of his files renamed with a *.lock extension via FTP.
-
@JaredBusch has had a customer down for several days on there, too.
-
@frodooftheshire said in a2 hosting - looks like a potential ransomware attack:
At least one person in the comments mentions that he saw all of his files renamed with a *.lock extension via FTP.
that definitely gives that impression, then.
-
@frodooftheshire Presumably your customer is using Windows IIS hosting and can't use a general purpose hosting provider or they'd not be on A2?
-
Actually I don't know why they're on IIS - their website, if my memory serves me, is quite basic. Their previous IT team placed them there and it's been on our list to move them to new hosting services - this is just unfortunate timing.
-
Their email stated it was a hack.
Could be a zero day or unpatched something with IIS hosting. /shrug.
They are restoring server by server from backups.
-
@scottalanmiller said in a2 hosting - looks like a potential ransomware attack:
@JaredBusch has had a customer down for several days on there, too.
They are still down.
-
My original thread.
https://mangolassi.it/topic/19394/a2-hosting-windows-server-outage
-
@frodooftheshire This was the email the client received.
Thank you for your continued patience as we work through this difficult issue. We realize how important our services are to you and your clients. Our team has been working around the clock to resolve this issue and will not rest until the task has been completed.
Our preliminary investigation has determined that during the early hours on Monday the 22nd, our Windows platform was the victim of a malware attack. Once we detected the presence of malware, in order to prevent further spread, we shut down the entire Windows fleet and began our mitigation. To protect client data, our fleet has remained offline while we conducted our investigation.
Based on our initial investigation, we have no reason to believe that personal information or data was downloaded due to this malware. It is important to note that A2's Billing systems and internal infrastructure were not compromised in any way. This attack only targeted our Windows platform.
Our Engineering team determined that the safest course of action is to restore all servers from backup. This will ensure that no malware remains on any A2 systems. Around the clock work has resulted in several affected websites and servers coming back online. We are optimistic that at the current pace, the majority of the impacted services will be back online before the weekend. Individual servers will be listed on our status page as they become fully available again.
We are not taking this issue lightly. While our current main focus is to restore services, a thorough investigation will be performed and a more detailed report released later once our investigation is complete and services are back online.
Your continued patience and support is greatly appreciated.
-
Ouch...be interesting to know how the malware got in.
-
@StuartJordan said in a2 hosting - looks like a potential ransomware attack:
Ouch...be interesting to know how the malware got in.
Windows
-
@scottalanmiller haha very true...why people want to use IIS these days for their platform is beyond me.
-
@scottalanmiller said in a2 hosting - looks like a potential ransomware attack:
@StuartJordan said in a2 hosting - looks like a potential ransomware attack:
Ouch...be interesting to know how the malware got in.
Windows
No, Linux.
Because I'm sure it was written on there!
-
@Obsolesce said in a2 hosting - looks like a potential ransomware attack:
@scottalanmiller said in a2 hosting - looks like a potential ransomware attack:
@StuartJordan said in a2 hosting - looks like a potential ransomware attack:
Ouch...be interesting to know how the malware got in.
Windows
No, Linux.
Because I'm sure it was written on there!
A2 is a Windows platform. That's its purpose. Their focus is IIS hosting.
-
@StuartJordan said in a2 hosting - looks like a potential ransomware attack:
@scottalanmiller haha very true...why people want to use IIS these days for their platform is beyond me.
It is interesting though, the hype right now is about Sitecore which also happens to run on IIS.
https://www.sitecore.com/
-
@scottalanmiller said in a2 hosting - looks like a potential ransomware attack:
@Obsolesce said in a2 hosting - looks like a potential ransomware attack:
@scottalanmiller said in a2 hosting - looks like a potential ransomware attack:
@StuartJordan said in a2 hosting - looks like a potential ransomware attack:
Ouch...be interesting to know how the malware got in.
Windows
No, Linux.
Because I'm sure it was written on there!
A2 is a Windows platform. That's its purpose. Their focus is IIS hosting.
Absolutely false.
-
@JaredBusch no one said that they didn't OFFER something else, but what makes them a viable product is their unique Windows offering.