[BreachExchange] Reeling from ransomware attack, Managed.com takes down its entire web hosting infrastructure

[Destry Winant]

https://grahamcluley.com/ransomware-attack-managed-com-web-hosting-infrastructure/

In the early hours of Monday morning, Managed.com – a major provider
of managed web hosting solutions – discovered it was the victim of a
co-ordinated ransomware attack, encrypting not only its own systems
but also the websites of customers.

Within hours the company had decided to take down its entire
infrastructure. That has the advantage of meaning that no more damage
can be done by the ransomware against the websites and databases of
customers, but has the colossal drawback of meaning that those same
websites are no longer accessible.

As you can probably imagine, customers – some of whom seem not to be
aware that their web hosting provider has suffered a severe ransomware
attack – are less than happy to find their websites are no longer
online.

With luck, the technical team at Managed.com will be able to restore
systems and secure them against reinfection. Although it’s unclear how
many days or weeks it may take them to recover their customers’
websites – time that no online business can afford to be without an
online presence.

But even if Managed.com does recover its systems, that isn’t
necessarily the end of the problem. It is becoming increasingly common
for ransomware attacks to not just be about encrypting files, but also
exfiltrating sensitive data and threatening to publish it or sell it
on to other cybercriminals if a ransom is not paid.

According to Bleeping Computer, the REvil ransomware gang is currently
demanding US $500,000 from Managed.com for a decryption tool.