Internap suffers ransomware attack.
This seems to have flown under the radar. Internap experienced a ransomware attack and as a result has ceased offering email, database, and website services. It does not appear they were able to restore any backups.
Statement:
On Wednesday, September 28th, between the hours of 2:11 am CDT and 5:41 am CDT, INAP was the target of a ransomware attack that affected the services we provide to you. One of our support technicians discovered the security issue at 8:00 am, CDT. INAP’s Chief Information Security Office was notified and invoked the incident response plan. The incident response team was able to determine the root cause and attack vector used, and quickly remediated the issue to prevent further damage. This was completed approximately at noon, Wednesday September 28th.
Unfortunately, your services are not recoverable because of this attack.
Additionally, multitenant website, database, and email hosting services will no longer be available following this event. We will be terminating these multitenant hosting services and removing the charges from your account effective immediately. The multitenant “GuestDNS” service was not impacted, and you can continue to make any DNS changes through the control panel.
Our recommended path forward is to re-create any affected services on a bare metal server and to upload your data from your local copies if available.
Comments
Well, that's one way to take a beating like this:
So now when everyone asks "Why didn't you have backups and how are you going to do better moving forward" they can just say "We fucked up, and we're not moving forward at all. Get out."
Mentally strong provider deletes customer services immediately without trying to recover data.
Well that's one way to expedite throwing in the towel for old services..
Did this attack wipe all Dedicated/Bare-metal Servers or what?
Or why this:
Our recommended path forward is to re-create any affected services on a bare metal server and to upload your data from your local copies if available. If you do not have a bare metal server with INAP please reach out directly to [email protected] for immediate sales support.
They're no longer providing some services at all, they're saying if you need those then rent a server and run them yourself.
Legacy services they didn't make much money on anyway, so not worth the effort? That's how I read it, and can't really blame them.
One of the more recent trends in ransomware is to attack the backup infrastructure along with the primary target. The attacker's objective is to prevent the victim from eliminating the malware and restoring a clean backup. They may lurk on a system and take time to figure out how to prevent backup restoration.
I know nothing about Internap or its operations. I wonder whether Internap had backups, but the attackers were able to infect, encrypt, or destroy them? Were their backups attached to the servers 24x7?
Another thing that we do not know is Internap's decision process regarding the ransom demand. Did Internap attempt to pay the ransom? (Note that there is no guarantee that if you pay the ransom you will recover your data. There is also no guarantee about what the attacker may do with that data. They may or may not release, keep, or destroy the data, no matter what was promised.)
If Internap did not pay the ransom, then it begs the question of what could motivate a decision not to pay? Ransom too high? Moral principles? The value of the shared hosting business was less than the ransom? It could be a communications or payment failure between Internap and the attacker.
This attack should be a wakeup call for Internap's competitors to review practices, plans, and procedures. I hope my providers are paying attention.
P.S. Do you think Internap will release the root cause and attack vector used, so that others will not fall prey to the same attacks? Any takers for that bet? (... or is Internap too embarrassed to admit their error?)
What kind of company loses their customers' data and doesn't even apologize?
No compensation?
Nigh Sect says: when in doubt, sue.
The worst part is the fact that the attacker probably has a copy of all customer file systems. Oh boy…
Probably not. Most likely just encrypted.
This reminds me of 365 datacenters.
Francisco
This seems the way to go. Free in Community up to 10 workloads.
https://community.veeam.com/blogs-and-podcasts-57/veeam-v11-hardened-repository-aka-immutable-backups-275
I'd hate to see their credit card merchant statement next month...chargebacks galore.
It seems that they hide that incident report, since the link is forwarded and there are no reports or statements anywhere. Did they actually find some backups, or are they just trying to handle PR?
That's a bit ironic given their status page is titled "Operational Transparency"
Here's an archived link:
https://web.archive.org/web/20221004130636/https://ot.inap.com/incidents/l3ly2y746v26
And here's an archive of the archive:
https://archive.ph/OBFk3
Internap really showing the community exactly how not to handle breaches.
Nobody asked the obvious. Were they taking a nap?
They can ‘perma’ nap now