[Warning]A2 Hosting infected by Ransomware - Page 2

Comments

  • sanvit Member

    At least they had backups unlike these suckers... :)

  • Ympker Member

    @sanvit said:
    At least they had backups unlike these suckers... :)

    The problem is that in this kinda situation the clients never will be satisfied. Even if their ToS said "We don't take any backups, take your own" they'd be angry. Now, if they officially don't do backups and give that responsibility to the client, clients would be expected to keep their own, right? It appears however, that many clients didn't and thus A2 is restoring from kinda old emergency/disaster backups they took in a specific (maybe not so frequent) pattern. However that doesn't seem to make clients feel grateful either. That's why when things like this happen there's bound to be chaos. Sorry if I'm just assuming things but I don't know if they usually advertise daily backups or not (their website keeps blocking me).

    Thanked by 1 sanvit
  • solaire Member

    @Ympker said:
    The problem is that in this kinda situation the clients never will be satisfied. Even if their ToS said "We don't take any backups, take your own" they'd be angry. Now, if they officially don't do backups and give that responsibility to the client, clients would be expected to keep their own, right? It appears however, that many clients didn't and thus A2 is restoring from kinda old emergency/disaster backups they took in a specific (maybe not so frequent) pattern. However that doesn't seem to make clients feel grateful either. That's why when things like this happen there's bound to be chaos. Sorry if I'm just assuming things but I don't know if they usually advertise daily backups or not (their website keeps blocking me).

    Another problem you shouldn't rule out too quickly is that the ransomware is in your backups. Not uncommon for ransomware (or any other type of trojan) to just sit there for some time before becoming active. Restoring from yesterday's backups in this type of event sounds incredibly simple, except that you're very likely doing the very same thing the next day.

  • Ympker Member

    @solaire said:

    @Ympker said:
    The problem is that in this kinda situation the clients never will be satisfied. Even if their ToS said "We don't take any backups, take your own" they'd be angry. Now, if they officially don't do backups and give that responsibility to the client, clients would be expected to keep their own, right? It appears however, that many clients didn't and thus A2 is restoring from kinda old emergency/disaster backups they took in a specific (maybe not so frequent) pattern. However that doesn't seem to make clients feel grateful either. That's why when things like this happen there's bound to be chaos. Sorry if I'm just assuming things but I don't know if they usually advertise daily backups or not (their website keeps blocking me).

    Another problem you shouldn't rule out too quickly is that the ransomware is in your backups. Not uncommon for ransomware (or any other type of trojan) to just sit there for some time before becoming active. Restoring from yesterday's backups in this type of event sounds incredibly simple, except that you're very likely doing the very same thing the next day.

    True. Maybe that's also why A2 backups are kinda old to achieve a state before that happened? Anyway I don't know anything about A2 regular backup frequency/policy but that could also be the case.

  • solaire Member

    Ympker said: True. Maybe that's also why A2 backups are kinda old to achieve a state before that happened? Anyway I don't know anything about A2 regular backup frequency/policy but that could also be the case.

    Can't really say as I don't have any more information than you do. But unless they know what ransomware hit them in the first place, any backup is tricky to restore because they don't know what they're looking for and chances are they'll end up in the same situation as they did last week.

    Of course a backup that is really old is less likely to contain this ransomware, but then it's still up to them to find out what caused the infection in the first place. One needs administrative privileges (which can be done by utilizing an exploit) in order to successfully encrypt all data. So this is another thing they need to figure out before they go live.

    Thanked by 1 Ympker
  • Ympker Member

    @solaire said:

    Ympker said: True. Maybe that's also why A2 backups are kinda old to achieve a state before that happened? Anyway I don't know anything about A2 regular backup frequency/policy but that could also be the case.

    Can't really say as I don't have any more information than you do. But unless they know what ransomware hit them in the first place, any backup is tricky to restore because they don't know what they're looking for and chances are they'll end up in the same situation as they did last week.

    Of course a backup that is really old is less likely to contain this ransomware, but then it's still up to them to find out what caused the infection in the first place. One needs administrative privileges (which can be done by utilizing an exploit) in order to successfully encrypt all data. So this is another thing they need to figure out before they go live.

    Well that's certainly a situation I wish for no provider to have. Iirc just a year (or 2 ago) smth like this happened to a smaller Australian?! company and they lost like almost all their clients because of this.

  • solaire Member

    Ympker said: Well that's certainly a situation I wish for no provider to have. Iirc just a year (or 2 ago) smth like this happened to a smaller Australian?! company and they lost like almost all their clients because of this.

    It really is a crappy situation. I was involved in a similar outbreak that happened a few years ago (back when I was still into the system administration stuff). Not in the hosting business, by the way.

    It took us 48 hours (no sleep at all) to get everything restored. Even though we had backups that were only 3 hours old, we were hesitant to restore them as we weren't sure whether or not the trojan was already in there. So we resorted to running the trojan in an isolated environment and reverse engineered it so we could get a grip on its signature. In our particular case, it was abusing a Microsoft Office (Microsoft Word) exploit in combination with an exploit in a specific component of Windows 7. The backup that was 3 hours old actually had this virus signature already in some files, so we resorted to restoring the 3 hour old backup only for the files that were not already affected, and restored the rest of the files from a 7-day old backup.

    So, long story short: we had to resort to disabling this component in Windows 7 and disallowed Microsoft Office to be used until Microsoft had released a hotfix. Backups don't necessarily help you simply restore from virus outbreaks as the virus usually hides in these files.

    Thanked by 3 Ympker uptime Daniel15
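
The selective restore described in the post above (take each file from the newest backup whose copy does not carry the signature, fall back to the older backup otherwise), sketched as an added example that is not part of the thread or anyone's actual tooling. The signature is a constructed placeholder, the snapshot labels and file names are hypothetical, and a plain byte-pattern match stands in for whatever detection the real signature would need.

```python
import tempfile
from pathlib import Path

SIGNATURE = b"DEMO-SIGNATURE-NOT-REAL"  # constructed placeholder, not a real IoC

def file_has_signature(path, signature, chunk_size=1 << 20):
    """Stream a file and report whether the byte signature occurs in it."""
    overlap = len(signature) - 1
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            data = tail + chunk
            if signature in data:
                return True
            # keep the last bytes so a match split across two reads is found
            tail = data[-overlap:] if overlap else b""
    return False

def scan_snapshot(root, signature):
    """Map each file's relative path to True (signature found) or False."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_has_signature(p, signature)
            for p in sorted(root.rglob("*")) if p.is_file()}

def build_restore_plan(snapshots, signature):
    """snapshots: [(label, root)] newest first. Pick, per file, the newest
    snapshot whose copy is clean; None means no clean copy exists."""
    scans = [(label, scan_snapshot(root, signature)) for label, root in snapshots]
    every_file = sorted(set().union(*(found for _, found in scans)))
    return {rel: next((label for label, found in scans
                       if found.get(rel) is False), None)
            for rel in every_file}

def demo():
    """Build two constructed snapshots in a temp dir and plan the restore."""
    layout = {
        "3h": {"report.doc": b"text" + SIGNATURE, "notes.txt": b"clean",
               "new.txt": b"clean", "dropper.doc": SIGNATURE},
        "7d": {"report.doc": b"text", "notes.txt": b"older clean",
               "dropper.doc": b"x" + SIGNATURE},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for label, files in layout.items():
            for name, body in files.items():
                target = Path(tmp, label, name)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(body)
        return build_restore_plan(
            [("3h", Path(tmp, "3h")), ("7d", Path(tmp, "7d"))], SIGNATURE)

if __name__ == "__main__":
    print(demo())
```

Files mapped to `None` have no clean copy in any snapshot and need manual handling rather than a restore.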
  • joepie91 Member, Patron Provider

    Funny thing: A2 Hosting is quite closely affiliated with ZPanel/Sentora, if I recall correctly. Y'know, these guys.

    Thanked by 1 Ympker
  • Sofia_K Member

    I always used to think A2 hosting was acquired by EIG.
    good to know some handful of hosts are left to provide better services.
