REvil ransomware demands 500K ransom from hosting provider

Pierluigi Paganini November 19, 2020

A managed web hosting provider was hit with REvil ransomware, which forced it to take down its servers and web hosting systems.

A managed web hosting provider was hit by a REvil ransomware attack over the weekend that took its servers and web hosting systems offline.

At the time of writing this post, hosting systems continue to be unavailable.

Earlier this week, the provider disclosed the incident and announced the launch of an investigation.

According to ZDNet, the company initially said that the incident only impacted a limited number of customer sites, but a few hours later it was forced to take down its entire web hosting infrastructure.

Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers.

The company reported the incident to law enforcement and started working to restore its infrastructure.

The company only disclosed the ransomware attack on Tuesday and explained that it was forced to shut down its infrastructure to protect the integrity of its customers’ data.

“November 17, 2020 – On Nov.16, the environment was attacked by a coordinated ransomware campaign. To ensure the integrity of our customers’ data, the limited number of impacted sites were immediately taken offline. Upon further investigation and out of an abundance of caution, we took down our entire system to ensure further customer sites were not compromised. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity,” reads an update published by the company. “Our first priority is the safety and security of your data. We are working directly with law enforcement agencies to identify the entities involved in this attack. As more information is available, we will communicate directly with you.”

BleepingComputer, citing multiple sources, states that the provider was hit by the popular REvil ransomware gang, which is demanding a $500,000 ransom in Monero in exchange for a decryptor.

The REvil ransomware gang is known to use a double extortion model, threatening to leak online the files stolen from the victim, but it is not clear whether they stole unencrypted files before encrypting the provider's devices.

The REvil gang is one of the major ransomware operations. It has been active since April 2019, and its operators claim to earn over $100 million a year through its RaaS service.

In a recent interview with the public-facing representative of REvil, the ransomware operation claims to earn over $100 million a year in extortion payments.

The list of the victims of the group is long and includes Travelex, Kenneth Cole, SeaChange, Brown-Forman, BancoEstado, Grubman Shire Meiselas & Sacks (GSMLaw), Valley Health Systems, Telecom Argentina, and Lion.
