On Monday morning of this week, Managed[.]com announced that it had suffered an issue affecting the availability of its services and that it was investigating. ZDNet first reported that Managed[.]com was the victim of a ransomware attack that caused the company to take down its entire network, including customers’ websites, to protect the “integrity of our customers’ data.” It was later confirmed that REvil, one of the most prolific ransomware families, was used to execute the attack and that the attackers are demanding $500,000 USD in Monero cryptocurrency for the decrypter. It is currently unknown whether REvil stole any unencrypted files from Managed[.]com before encrypting the company’s files, but stealing sensitive data is a trend with ransomware attacks, so it cannot be ruled out. In a recent interview, a REvil representative claimed that the ransomware operation earns over $100 million a year in extortion payments.
For any ransomware attack, companies should have a regularly tested response plan in place that details procedures for recovering from these situations. Part of a strong response plan is to create clean and secure backups of data that can be used to replace encrypted data after the infected servers are wiped clean. The 3-2-1 guideline for backups is to have three copies of the data on two separate storage media, with one of them being offsite. It is likely that redundant backups would cost less than $500,000, but the downtime customers would experience while everything is restored from backups would still be disruptive. A strong plan to prevent disruptions should include layers of security controls with regular monitoring of security events to quickly detect intruders and stop them before they gain control over the entire network. Binary Defense provides managed security services including a 24/7 Security Operations Task Force that watches over the systems of our clients and responds at any time of day to stop intrusions.
Source Article: https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-managedcom-hosting-provider-500k-ransom/