
Comments
If they have a shell and run a script and the ssh history is gone.
You think your logs are legit? brother....
It depends what you're using the servers for. If it's a business, you might easily have more than $100 of pending orders there that you don't know about, so even if you had up-to-date backups it might still be worth paying. If your server is down for days, you probably would be losing more than $100 a day in lost revenue. Maybe it's worth it.
That said, personally, it's unlikely I'd ever pay such a thing - but mostly only because I have borg backups of all my servers, including a copy on a server in my house running borg in append-only mode that only allows logins from within my house as my very last line of defense. So even if hackers destroyed all my backups as well as my servers, I should still have a copy of everything important locally.
Another thing to consider is that if they had access to your machine sufficient to encrypt it, they probably had plenty of opportunity to compromise it in other ways. Maybe they install a backdoor after you pay up and before they unlock it. You should probably never consider that server safe again, and not trust any data on it or on machines that could be accessed with credentials on it. You should still wipe it and probably move to another provider, even if you did pay the ransom to see if there was important data since your last backup.
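An append-only borg target like the one described above is usually enforced on the backup server through the client's `authorized_keys` entry. The script below is an added example, not code from anyone in this thread. It audits such entries for the controls that keep a stolen client key from destroying backups. The key material, addresses and paths are constructed.

```shell
#!/bin/sh
# Added example: audit authorized_keys entries on a borg backup target.
# A backup client's key should be pinned to `borg serve --append-only`,
# confined to one path, stripped of shell/forwarding rights (`restrict`)
# and limited to known source addresses (`from=`).

# Print "ok", or the space-separated list of controls missing from one key line.
# Assumption: the key type token starts with "ssh-" (ssh-ed25519, ssh-rsa).
audit_key_line() {
    opts="${1%%ssh-*}"   # the option field is everything before the key type
    missing=""
    case "$opts" in
        *'command="borg serve '*'--append-only'*) ;;
        *) missing="$missing append-only" ;;
    esac
    case "$opts" in
        *'--restrict-to-path '*|*'--restrict-to-repository '*) ;;
        *) missing="$missing path-restriction" ;;
    esac
    case "$opts" in
        restrict,*|'restrict '*|*,restrict,*|*',restrict '*) ;;
        *) missing="$missing restrict" ;;
    esac
    case "$opts" in
        *'from="'*) ;;
        *) missing="$missing from" ;;
    esac
    if [ -z "$missing" ]; then echo ok; else echo "${missing# }"; fi
}

# Audit a whole authorized_keys file read from stdin, skipping blanks and comments.
audit_keys() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        echo "line $n: $(audit_key_line "$line")"
    done
}

# Constructed sample entries (placeholder key blobs, private LAN addresses).
GOOD='restrict,from="192.168.1.0/24",command="borg serve --append-only --restrict-to-path /srv/borg/web1" ssh-ed25519 AAAAC3EXAMPLECONSTRUCTED web1'
NO_APPEND='restrict,from="192.168.1.10",command="borg serve --restrict-to-path /srv/borg/web1" ssh-ed25519 AAAAC3EXAMPLECONSTRUCTED web1'
PLAIN='ssh-ed25519 AAAAC3EXAMPLECONSTRUCTED admin@laptop'

printf '%s\n' "# backup clients" "$GOOD" "$NO_APPEND" "$PLAIN" | audit_keys
```

On the backup host, feed it the real file with `audit_keys < ~/.ssh/authorized_keys`; any line that is not `ok` is a key that can do more than append to its own repository.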
Sir, they're asking for proper backup solutions, and it ain't cheap.
Does he mean that the data can still be recovered?
It means it's possible, but don't count on it.
CloudGone literally
Sure, it's on the hackers' drive; possibly can recover at some cost, and not sure if it delivers.
To all concerned customers:
Virtualizor on top.
Virtualizor is almost always NOT the problem.
/s
@virtualizor I never bothered reading that long DM you sent me about the @ouiheberg hack, but I doubt it's a coincidence that your product is implicated in yet another incident
No worries guys, I'm a professional at negotiating with terrorists.
How much?
Should've started with anime memes with Arabic text
Is there any progress?
Don't you mean OuiHeberg? They made such claims, but didn't provide evidence.
So far on LET we have just 2 low-end providers blaming Virtualizor and within isolated scenarios. If there would be a serious Virtualizor vulnerability, we would see a lot of providers from the whole internet having lots of serious breaches.
Please cut it out with blaming Virtualizor which is already open-source. Maybe, just maybe, we get monkeys in some responsible jobs because companies wish to cut down costs while paying peanuts (including artificial intelligence).
This. It was not a bug, just poor management for which CC never took responsibility publicly.
Wait, I don't think Virtualizor is open source. I can be wrong, I usually am, but I couldn't find anything (much) in their GitHub, and I am seeing that they have pricing tiers and everything, which also makes me doubt that it's open source. I don't think it's Virtualizor; can you point out how it's open source, please?
One MJJ has been stupid enough to pay the ransom. Known accounts:
https://polygonscan.com/address/0xEf35250A9A2A763F87E406C2a9187A5a389c09AA#tokentxns
https://tronscan.org/#/address/TWJr7y6cwF3t8hqVoGHvwYuGbP9AtJDVMw
https://tonscan.org/address/UQBzr3lIN_8t9o4zN10M4cuD7OO2643GT-wFgia3EN-MSI39
Are you trying to make them double the ransom price?
A what? There is no such thing as "remote bash script". There is a compromised root account of the node.
Good luck with your business.
Why can they be hacked twice within one year?
Incompetence.
I was wrong. I can't find the source code either. They mention an "open source version" and a "Virtualizor OS Distro", making it look open-source to searches, but there is no downloadable source code from what I see. I stand corrected.
Back on topic: They do provide an installation script and free trial. In my opinion if it was insecure or vulnerable, we would see an insane amount of hacked machines with hacked providers. I simply assume (without proof) that providers are simply cutting costs on workforce, resulting in big human mistakes which end up impacting some customers.
As providers try to cut costs more and more to survive in a failing politicised economy, I'm afraid we will see more and more irresponsible workforce being hired. It is so damn easy to cheat and lie on your resume using AI.
Update: I could log in to my VPS, and it's still running.
Might be their main node/billing etc. have been hacked.
But I've changed a/c password and VPS passwords as a precaution.
My VPS not hacked either - old customer though. Maybe it was just a new node with some bad configuration or bad password. This is good though, because it could mean they don't use same password everywhere.
That would have almost no impact in this scenario.
If an attacker has root access on the bare-metal host, anything running on top of it (VMs included) is effectively untrusted. Changing VPS or account passwords is good on paper, but it doesn't meaningfully mitigate a host-level compromise.
At that point:
- the hypervisor controls disk, memory, and network I/O
- VM integrity cannot be guaranteed
- credentials inside the VM can be observed or modified regardless of password changes
The only real remediation after a confirmed host compromise is node isolation, rebuild, and restore from known-good backups (and implement countermeasures to limit the blast radius).
A hundred