MWW Hit with Ransomware
A message to our customers about the recent attack
We want to make our customers aware of the event that caused an outage yesterday, and inform you of the measures we have taken and will take to ensure the safety and reliability of our services.
At approximately 3:00 AM on Wednesday, July 22, our host server was infected by ransomware. Server files were encrypted and hosted websites stopped working; email was not affected.
The email address of the attackers indicates they are from the Czech Republic. They requested money to decrypt our files. This was clearly extortion and we did not consider paying. We are looking through router logs to learn more.
To restore service we worked with our server admins to completely rebuild our host server and restore site files from our most recent backup. These servers have very large hard drives (totaling 1.6 TB), and rebuilding/restoring a host server can take many hours. By 4:30 PM all 350 websites were back up and running.
We had a tight firewall in place and anti-virus programs installed on each server, including the host itself. Because we have a rigorous backup strategy, data loss was minimal.
This is unprecedented in the history of Montague WebWorks. In our twelve years of operation we have experienced many hack attempts, including DoS and "cross-site scripting," but never have we had our host server taken out.
While working with our server admins on restoring service, we discussed the state of the Internet today, in terms of hacking attempts, and they said they'd noticed a serious uptick in this activity over the past 30 days. They've been busy with their other customers, too.
We have increased security on each server, and reviewed firewall rules. We were already in the process of creating a mirrored server for critical events when this attack happened and are close to completing that task. This solution will be hosted at a separate location. If a major disruption should occur again, we will have near-live redundancy and will be able to flip to the secondary server in minutes while we address any issues on our main servers.
As we all do when faced with adversity, we have learned much from this attack, and will be more prepared for the next time something like this happens.
Thank you for your patience and understanding. We work very hard to earn your trust and to keep your business. If you have any questions, please feel free to call me or reply to this email.
-Mik Muller, and the MWW team
Posted: to WebWorks News on Thu, Jul 23, 2020
Updated: Fri, Jul 24, 2020