Managed.com Hit by REvil Ransomware Attack, $500 K Demand

Hackers recently launched a REvil ransomware attack against web hosting provider Managed.com. The attack began on Monday, November 16. The ransomware affected public-facing web hosting systems and encrypted some customer sites; in response, the provider took down all of its servers and then its entire web hosting infrastructure, including WordPress and DotNetNuke managed hosting solutions, email servers, and DNS servers.

Managed.com originally claimed unscheduled maintenance as the reason for the system takedown before eventually revealing the real reason. It remains unclear how long the web hosting infrastructure might remain down; it could take weeks to repair the damage.

BleepingComputer received multiple reports that the REvil ransomware operation was behind the attack. The hackers demand a $500,000 ransom in Monero for the decryption program. REvil is one of the world’s largest ransomware operations.

Unfortunately, many enterprises choose to pay the ransom in order to recover functionality as quickly as possible. This encourages more ransomware attacks, and it may not even work; hackers aren’t known for their sterling moral character and may choose to reinfect a compromised system even after the payment. Alternatively, they may choose not to end the ransomware at all.

  

Expert Commentary on the Managed.com Ransomware Attack

Rusty Carter is CPO of LogRhythm.

“In today’s evolving and fast-paced threat environment, an organization’s ability to immediately detect and respond to an incident is critical. Companies that house thousands of customer sites must implement proper technology to protect customer information. Managed.com believed the attack was unscheduled maintenance at first, leaving more time for malicious actors to cause harm. This attack highlights the importance of ongoing vigilance, a quick response time, and proper IT hygiene in every business, no matter the vertical or industry.”

“While there is no evidence that the data has been misused, customers are now facing frustrations as they decide to switch hosting providers or wait for their sites to be back online. Online businesses that hold large quantities of customer information will always be an attractive target for attackers, especially for organizations like Managed.com. It is critical that businesses employ real-time monitoring and clear visibility to rapidly detect and neutralize security threats that are detrimental to customers.”

Sanjay Jagad is Senior Director Products and Solutions at Cloudian.

“This incident spotlights the devastating impact ransomware can have on a company and its customers. As the threat of ransomware continues to grow, businesses must take steps to protect themselves and their customers, or risk damage to brand reputation. This is especially critical for managed service providers who not only have their own brand to think about, but the many others that rely on their services. To ensure full protection against ransomware, it is imperative that businesses invest in data protection at the storage level.”

Thanks to our experts for their time and expertise. For more on repelling ransomware, check out the Solutions Review Endpoint Security Buyer’s Guide. We cover the top security providers and their key capabilities in detail. Also, check out the Backup and Disaster Recovery Buyer’s Guide, which can help guide you in solutions for bouncing back from a ransomware attack.

  

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
