Over the last few weeks we have
seen a sharp increase in attempts to hack into various servers over the
internet. The hackers seem to have two
particular goals for gaining access.
They may try to install rogue software on your server in order to use it
to send mass phishing emails, or to conduct an attack on another server. They may also attempt a fairly new form of
malware called ransomware. With
ransomware the attacker installs two key pieces of software on the
computer. The first searches the computer
for data files and backup files, and encrypts them in a password protected
file. The second program then completely
deletes the original file from your hard drive.
When your server reboots you’ll be presented with a screen that demands
$500-$1500 sent to the hacker in order for your data to be restored. This screen also locks you out of the
computer.
It is very important to stress that
there is no way around this once the hacker has gained access. The tools used by the hacker are all
legitimate programs that anti-virus solutions won’t flag as a threat. They are just being used illegitimately. The program completely destroys all original
data, and backups visible to the server.
The only way to restore your data is from your offsite (internet or portable
USB) backup.
Due to the nature of this threat we
strongly recommend you disable remote access into your server, whether it is
open to the outside world or not. Likewise,
you must be diligent at running your offsite backup daily. The importance of your offsite backup is
absolutely critical when it comes to a situation such as this. Without a good offsite backup you’re left
with the choice of taking the chance and paying the requested ransom, or moving
on without your data. If you are part of
our Managed Remote Backup Services, rest assured your data is protected.
Please follow the guide below for disabling remote access as soon as possible. If you are a contract support holder with us
you can just consider this a FYI, as we have already disabled remote
access to your system. If you need
remote access to your server, for working from home, or because there is no
monitor/keyboard/and mouse on it, please call Treneita at the office and
arrange a time to talk with one of our technicians about an alternate method.