Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Windows Server hosting provider still down a week after ransomware attack

Windows Server hosting provider still down a week after ransomware attack

A ransomware infection has crippled the operations of a US-based web hosting provider for almost eight days now, several of the company’s disgruntled customers have told ZDNet today.

Impacted are all Windows-based servers owned by A2 Hosting, a provider of virtual private servers (VPS) and WordPress hosting services.

CUSTOMERS LOSING MONEY

The infection, which took place last week on April 23, has led to a week-long downtime that A2 staff has struggled to fix, leading to an unending stream of complaints and desperate pleas for help from customers bleeding money with each passing day of downtime.

View image on TwitterView image on Twitter
“My business and all my hard work have been gutted within eight days by a hosting company that clearly did not have robust security in place,” one of A2’s customers told ZDNet today in an online conversation.

“Over the last eight days I have lost my Google [search] ranking which took me a year to achieve, and my customer base which was finally growing has been ruined,” he said.

“Since the hack, A2 has provided zero information regarding my websites and database. I mean nothing, zero, zilch. I have been left to wait for an hour on hold calling support, to be told we understand your frustrations, but we cannot give you an ETA. They have this ridiculous update page, where nothing of substance is posted.”

These complaints were similarly echoed by tens of other customers on social media, over the past week

GLOBEIMPOSTER 2.0 IS THE MOST LIKELY SUSPECT

Based on currently available information, the ransomware infection appears to have snuck into A2’s network via its Singapore-based data center and later spread to other Windows Server instances, also impacting the company’s US operations.

Before A2 took all Windows servers down to avoid the ransomware from spreading to even more systems, some customers reported seeing files encrypted and renamed with a .lock extension.

Based on the .lock file extension and the infection date, the ransomware appears to be a version of the GlobeImposter 2.0 ransomware strain, whose operators have been extremely active over the past weeks, Lawrence Abrams, malware analyst and founder of Bleeping Computer, told ZDNet today.

GlobeImposter, a ransomware strain known to be installd via RDP, may also be the reason why A2 has disabled RDP access to its servers after the attack.

SERVER RESTORATION HAS BEEN COMING ALONG SLOW

The company has been unreachable since the incident, with all attempts to verify the ransomware attack with an A2 spokesperson failing as there was no direct line of communication. The company did not list an email for members of the media, the on-site chat widget redirected users to a status page, and all phone calls to a listed number ended up in being put on hold for tens of minutes, only to be asked to file a support ticket

Nevertheless, the company has been working to restore some services (appears to be restoring from its own backups), although, not fast enough, as there are still tens of customers complaining about problems accessing servers even this week.

A status page suggests that Windows servers are up and running for US and EU customers, but the company’s Singapore data center is still down for the count. But once the company finishes restoring services, it will also have to answer customer questions regarding possible data theft, as some customers now fear that attackers might have stolen some of their sensitive data before running the ransomware.

“If there is any message ZDNet can pass onto readers […] is to back up regularly,” an A2 customer who is still waiting to regain access to his website’s data told us today. “It’s never too late until it’s too late. I will never not back up again.”

A2’s ransomware incident is just the latest in a long line of ransomware attacks that have seen new life over the last three months, after appearing to die down during the last quarter of 2018.

Past incidents include ransomware incidents at aluminum provider Norsk Hydro, cyber-security firm Verint, the UK Police Federation, utility vehicles manufacturer Aebi Schmidt, Arizona Beverages, engineering firm Altran, the Cleveland international airport, and chemicals producers Hexion and Momentive.

Information Security - InfoSec - Cyber Security - Firewall Support Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India, Welcome to IT Monteur's Firewall Firm, India's No1 Managed Enterprise Network Security Firewall Support Provider Company in India, Firewall Firm Provider Complete range of Juniper Firewall Support , Cisco Firewall Support , Check Point Firewall Support , Palo Alto Firewall Support , FortiGate Firewall Support , Forcepoint Firewall Support , Sophos Firewall Support , WatchGuard Firewall Support , Baracuda Firewall Support , SonicWall Firewall Support , Gajshield Firewall Support , Seqrite Firewall Support , Firewall , Hardware Firewall , Software Firewall , Firewall India , Firewall , Network Firewall , Firewall Support , Firewall Monitoring , Firewall VPN , WAF Website Firewall , Firewall Security , Firewall India , Firewalls Support Provider in India , Firewall Support Services Provider Company in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket