It has been reported that Managed.com, one of the biggest providers of managed web hosting solutions, has taken down all its servers in order to deal with a ransomware attack. The ransomware impacted the company’s public-facing web hosting systems resulting in some of the customer sites having their data encrypted.The company is now working with law enforcement to identify the attackers and also working on to restore their customers’ data which were lost as part of this attack. This included WordPress and DotNetNuke managed hosting solutions, email servers, DNS servers, RDP access points, FTP servers, and online databases.
Managed.com will no doubt have a huge amount on their plate right now, as they tackle the upheaval of getting back online and try to deal with the reputational damage – or even potential public backlash.
Companies continue to avoid admitting a ransomware attack until they have to, associating it with too much stigma. These attacks can largely be prevented, but persistent attackers act like water looking for cracks and when they add enough pressure, problems can and do occur.
It is always best to come clean at the earliest possible time to avoid any future backlash when the truth emerges, but businesses tend to think they will be able to brush off any reputational issues. It does, however, highlight the importance of a test and restore business function, and the benefits of including simulation attacks should a crisis occur.
It\’s essential to have documented procedures for handling various incidents and responses to support an event within any organization. These repeatable, established procedures should include communication paths and outlined responsibilities for all people involved in the incidents, whether it\’s an endpoint system infected with malware or an enterprise server environment compromised by ransomware.
It can damage the brand, reputation and possible bottom-line revenue if an outage source is not transparent to an organization’s customers. All communications should be internally authorized before making them public to avoid any confusion or concern by those who might use the victimized organization\’s product or service.