New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Comments
The individual who previously complained about having paid the ransom yet not receiving the data has now closed his post and set it to private, rendering it inaccessible to others. What does this signify?
Where
what t f?
This is a business-ruining event. Where is @Cloudcone?
eeping
yeah.. seems cloudcone is hacked.
hope our data, billing details are safe!
Sounds like you're facing the same situation
Sorry for your $100
Pay $50 to decrypt the status page
I guess that does qualify as "major incident" - ouch
https://status.cloudcone.com/incidents/346624
People here are not reporting network timeouts?
lol
>
SHOULD?!?!?!?!!
Yeah, like that. Probs just an English translation thing.
I am curious about the extent of the incident and how it is being handled.
In regards to client communications and notifications
The attacker seems to always be using the same address: https://polygonscan.com/address/0xEf35250A9A2A763F87E406C2a9187A5a389c09AA#tokentxns
Only transaction ever is this guy.
Damn. Hope everyone got backups. Probably will have to reinstall my idling dedi once I have time. And change account passwords.
I believe this issue could be isolated to just one server or one node. Up to this point this thread should have exploded in complaints but instead it is quite light.
At times like this, I would prefer Valve support on my side.
A little off topic but the guy you see in the video used to actually be a programmer. I follow his comedy videos a lot lol. I came to know he was a programmer when he made a (whiplash?) inspired chatgpt video and he used so many programming terms that I was super pleasantly surprised and then I saw comments to figure out other people wondering too and then some replied (or he himself? I forgot) replied that he used to be a programmer.
This guy's videos are awesome fwiw.
Also another comment but what are some good (vps?) which actually have a backup UI or backups enabled by default. I feel like I don't backup.
Any good cli tools as well would be preferable & where do you guys backup? Is there a standardized backup solution.
Also another point but wouldn't some concern be also over the fact that the hackers can see your data in your first place (even if you have backup)
Wouldn't this be really bad in some scenarios. Is there any way to prevent such thing too like LUKS encryption on rest maybe but I don't think LUKS encryption is supported for vps or do VPS support LUKS encryption?
ZeroByte, Kopia, Restic, borg, Duplicati, Databasus
There are shit tons of tools out there just people choose to blindly trust low-pricing services with "expensive data". That's their choice.
Alright that's great but where do we have the backup service point to? What are some options that you would recommend? Backblaze/Wasabi is usually said, maybe Ionos has the cheapest S3
I mean there is another thread https://lowendtalk.com/discussion/214024/what-backup-solution-you-use-or-better-what-is-the-ideal-let-backup-solution and people recommend storage vps's but wouldn't storage vps's from other servers/ LET providers might have the same issue too just as how cloudcone did?
Completely agree.
There are lots of tools to do backups, many of them free. Storage servers can be had for a few dollars a month.
There is no good excuse to not have backups.
I feel like the Hetzner backup solution can be good/cheap while still being really secure. If Hetzner implodes, it would have some really harsh consequences, which I don't see happening at least right now.
I don't know; for backup, I would prefer the semi-big providers (just below the AWS, Azure, GCP things) like OVH, Hetzner.
I mean, I am not familiar with Cloudcone but this could've happened to anyone, including a storage VPS provider itself as well.
I guess though one can still use storage vps provider on the fact that if say the backup service gets hacked/blocked, you have the main service and can create another backup vps
and if the main service gets like (cloudconed?), then you have the backup
It is relying on the fact that the attack would just not happen in the same time on both whose chances might be low but never zero. But the same goes for maybe big providers who have multiple servers & might have your data in different locations like say OVH,hetzner too.
I guess Storage VPS or hetzner/ovh s3 both might be good enough but a backup is definitely a must.
@Advin has daily automatic backup, but would they vanish if you forget to pay?
Buy a damn physical SSD with few TB on it for your precious data, what data you have? A full mirror of Debian need to be backed up?
Nghia lele, did you see the prices on those SSDs? A $7 VPS is way better in short term dopamine secretion.
Hello,
We acknowledge the incident that has happened today.
What We First Observed
We were initially alerted to the incident when our monitoring systems detected that several VMs lost network connectivity. Upon investigating, we found ransom messages being displayed at boot on all of the affected VMs.
Our engineering teams immediately isolated the affected servers and began analysis. During the investigation, we confirmed that the boot sectors of impacted VM disks had been overwritten with the ransom message. We are attempting to recover the data by various means including examining raw block devices, reconstructing partition tables, and searching for intact filesystems.
How the Attack Was Executed
Meanwhile, the team investigating the breach discovered that a remote bash script (which is no longer accessible) had been executed across all affected nodes. Shell histories on those hosts had also been cleared. We performed a thorough review of authentication activity using system journals, rotated log files, login records and auditing data and found no evidence of unauthorized SSH access. All recorded user logins matched known internal accounts.
At this point, we started looking into other infrastructure that could have facilitated this attack and discovered that logs of one of our Virtualizor instances had been cleared from around the time of the incident. This is the Virtualizor instance that all of the affected nodes are connected to.
At this time, based on the available evidence, we believe that the attackers used the "Server Terminal" functionality within Virtualizor to gain shell access to connected nodes and execute the malicious script. This access method does not use SSH, which explains the lack of evidence relating to SSH connectivity, and we also discovered that this doesn't leave any login records on the nodes (all root level logins are also alerted via emails), explaining why we didn't find anything out of the ordinary earlier.
Scope of Impact
We use Virtualizor instances to support our VPS services. At this time, we have confirmed that only nodes connected to a single Virtualizor instance were impacted. Nodes attached to our other platforms were not affected.
We also do not store personal or billing information of our users within virtualization platforms such as Virtualizor. Our investigation has found no evidence that customer databases or billing systems were accessed or compromised.
We are currently working on the way forward, and all affected clients shall be emailed, and we apologize for the inconvenience this has caused to all our affected clients.
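As an added illustration of the recovery step described in the statement above (searching raw block devices for intact filesystems after the boot sector has been overwritten), the following sketch is not CloudCone's tooling and not part of the original post. It scans a disk image for primary ext2/3/4 superblocks and reports the sector at which each partition would have to start; the sample image, the ransom text in it and all function names are constructed for the example.

```python
import struct

SECTOR = 512
SB_OFFSET = 1024    # ext superblock starts 1024 bytes into the partition
EXT_MAGIC = 0xEF53  # s_magic, little-endian u16 at superblock offset 0x38

def mbr_is_valid(image: bytes) -> bool:
    """An intact MBR ends with the boot signature 55 AA at bytes 510-511."""
    return image[510:512] == b"\x55\xaa"

def find_ext_filesystems(image: bytes):
    """Return (start_sector, block_size, fs_size_bytes) per primary superblock."""
    hits = []
    for start in range(0, len(image) - (SB_OFFSET + 0x5C) + 1, SECTOR):
        sb = start + SB_OFFSET
        if struct.unpack_from("<H", image, sb + 0x38)[0] != EXT_MAGIC:
            continue
        inodes, blocks = struct.unpack_from("<II", image, sb)     # s_inodes_count, s_blocks_count_lo
        log_bs = struct.unpack_from("<I", image, sb + 0x18)[0]    # s_log_block_size
        group_nr = struct.unpack_from("<H", image, sb + 0x5A)[0]  # s_block_group_nr
        # Reject chance matches and backup superblock copies (group_nr != 0).
        if inodes == 0 or blocks == 0 or log_bs > 6 or group_nr != 0:
            continue
        block_size = 1024 << log_bs
        hits.append((start // SECTOR, block_size, blocks * block_size))
    return hits

def _superblock(inodes: int, blocks: int, log_bs: int, group_nr: int) -> bytes:
    """Build a minimal superblock holding only the fields the scanner reads."""
    sb = bytearray(1024)
    struct.pack_into("<II", sb, 0, inodes, blocks)
    struct.pack_into("<I", sb, 0x18, log_bs)
    struct.pack_into("<H", sb, 0x38, EXT_MAGIC)
    struct.pack_into("<H", sb, 0x5A, group_nr)
    return bytes(sb)

def build_sample_image() -> bytes:
    """Constructed test disk: overwritten sector 0, filesystem at sector 2048."""
    img = bytearray(2048 * SECTOR + 4096)
    img[0:SECTOR] = b"CONSTRUCTED RANSOM NOTE ".ljust(SECTOR, b"!")
    decoy = 100 * SECTOR + SB_OFFSET  # looks like a backup superblock copy
    img[decoy:decoy + 1024] = _superblock(65536, 262144, 2, group_nr=1)
    real = 2048 * SECTOR + SB_OFFSET  # primary superblock of the real filesystem
    img[real:real + 1024] = _superblock(65536, 262144, 2, group_nr=0)
    return bytes(img)

if __name__ == "__main__":
    img = build_sample_image()
    print("MBR valid:", mbr_is_valid(img), "filesystems:", find_ext_filesystems(img))
```

On a real case this would be run against a read-only copy of the block device, and only the low 32 bits of the block count are read, so filesystems above 2^32 blocks report a truncated size.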
The backup should of course not be on the same infrastructure as the server you are backing up, that is correct.
I have my backups on two storage servers from two different providers. The servers I back up do not run on any of those providers. I also have a NAS at home that fetches a copy from one of the backup servers once a month. The backup is of course monitored so if a server misses a backup I get an alert.
This whole setup costs me less than $10/month, probably closer to $5.
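The two conditions discussed in the backup posts above (copies kept with providers other than the one hosting the server, and an alert when a backup is missed) can be checked mechanically. This is an added example, not code from any poster: the inventory, provider names, timestamps and the 26-hour threshold for a daily schedule are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_backups(servers, destinations, last_ok, now, max_age=timedelta(hours=26)):
    """Flag missed backups and copies that share a provider with their source.

    servers / destinations: {name: provider}
    last_ok: {(server, destination): datetime of last successful backup}
    """
    findings = []
    for server, provider in sorted(servers.items()):
        fresh_providers = set()
        for dest, dest_provider in sorted(destinations.items()):
            if dest_provider == provider:
                # One provider-level compromise would take source and copy together.
                findings.append((server, dest, "same provider as source"))
                continue
            ts = last_ok.get((server, dest))
            if ts is None or now - ts > max_age:
                findings.append((server, dest, "backup missed"))
            else:
                fresh_providers.add(dest_provider)
        if len(fresh_providers) < 2:
            findings.append((server, "*", "fewer than two independent fresh copies"))
    return findings

# Constructed inventory (hypothetical names and providers).
UTC = timezone.utc
SAMPLE_NOW = datetime(2025, 1, 2, 6, 0, tzinfo=UTC)
SAMPLE_SERVERS = {"web1": "provider-a", "db1": "provider-b"}
SAMPLE_DESTINATIONS = {"store1": "provider-c", "store2": "provider-b"}
SAMPLE_LAST_OK = {
    ("web1", "store1"): datetime(2025, 1, 2, 2, 0, tzinfo=UTC),
    ("web1", "store2"): datetime(2024, 12, 30, 2, 0, tzinfo=UTC),  # stale
    ("db1", "store1"): datetime(2025, 1, 2, 2, 0, tzinfo=UTC),
}

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE_SERVERS, SAMPLE_DESTINATIONS,
                                 SAMPLE_LAST_OK, SAMPLE_NOW):
        print(finding)
```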