Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline.
At the time of writing this post, Managed.com hosting systems continue to be unavailable.
Early this week, the provider disclosed the incident and announced the launch of an investigation.
According to ZDNet, Managed.com initially said that the incident only impacted a limited number of customer sites, but a few hours later it was forced to take down its entire web hosting infrastructure.
Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers.
The company reported the incident to law enforcement and started working to restore its infrastructure.
The company only disclosed the ransomware attack on Tuesday and explained that it was forced to shut down its infrastructure to protect the integrity of its customer’s data.
“November 17, 2020 – On Nov.16, the Managed.com environment was attacked by a coordinated ransomware campaign. To ensure the integrity of our customers’ data, the limited number of impacted sites were immediately taken offline. Upon further investigation and out of an abundance of caution, we took down our entire system to ensure further customer sites were not compromised. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.” reads an update published by the company. “Our first priority is the safety and security of your data. We are working directly with law enforcement agencies to identify the entities involved in this attack. As more information is available, we will communicate directly with you,”
The REvil ransomware gang is known to use a double extortion model threatining to leak online files stolen from the victim, but it is not clear if they stole unencrypted files before encrypting devices of the provider.
REvil gang is one of the major ransomware operations, it has been active since April 2019, its operators claim to earn over $100 million a year through its RaaS service.
In a recent interview with the public-facing representative of REvil, the ransomware operation claims to earn over $100 million a year in extortion payments.
The list of the victims of the group is long and includes Travelex, Kenneth Cole, SeaChange, Brown-Forman, BancoEstado, Grubman Shire Meiselas & Sacks (GSMLaw), Valley Health Systems, Telecom Argentina, and Lion.
(SecurityAffairs – hacking, Managed.com)