What Happens When Cybercriminals Mess With A Cyanweb Solutions Server?
Australia-based Cyanweb Solutions, a digital marketing and web provider, lost all of its customer data, as well as its backups, after its server was compromised last week. The Perth-based company focuses mainly on online marketing, hosting, and SEO, and it was thrown into a panic when the information of over 500 clients was suddenly wiped from its server.
An advisory posted on the company’s website read: “A professional hacking group attacked, infiltrated the server, and destroyed all data, including all available backup data.
“We highly suspect they were ‘professionals’, as at the time of the infiltration the server was being ‘overloaded’ (DDoS) by a highly suspicious range of sequential Swiss server IP addresses.
“Some Swiss servers are like Swiss bank accounts and are occasionally used by professional criminal organizations and other well-funded cyberterrorist groups,” according to the post.
“While our server admin was distracted by the DDoS attack, the hackers simultaneously infiltrated the server, escalated their privileges, delivered the payload, and destroyed it. This payload then located and destroyed all backup disk drives using the ‘DD’ command while running a super-fast encryption routine that encoded all user accounts—while another routine sought out and deleted any core WordPress database tables using the default wp_ prefix.
“Once the infiltration was discovered by the then-logged-in admin, the server was shut off immediately. Unfortunately, it was too late, and only an estimated 12 percent of customer data survived the attack.”
Chief executive Jonathan Huckabee apologized to customers for what he called a “worst-case scenario” and encouraged all affected businesses to set up email forwarding to an alternate email address. “We do understand how difficult and devastating this event is for everyone. We will contact you as soon as possible with full disclosure and options,” Huckabee said.
“Unfortunately, there is nothing else we can do at this point in time and appreciate your understanding that this is a worst-case scenario for everyone. Our priority is to get email flowing again and from there will be in touch with options.”
Cyanweb has been unable to contact all affected clients because email addresses for many of the businesses were also destroyed in the hack. The company recommended that clients reach out to Perth IT providers ComWiz Computers and Qbit Computers, which appeared in the 2017 CRN Fast50.
The advisory reads: “We understand you are upset, worried and some are getting angry. This has affected everyone badly and we are struggling ourselves to keep up and keep going.”
“We will not give up and will see this through. We are a three-person team facing the biggest disaster of our working lives.”
At least one customer, automotive repair specialist ECUwest, confirmed through social media that its websites and email are down. In addition, the websites of around 20 companies hosted on Cyanweb were down over the weekend.
Kevin Jones