Follow-up of the incident on one of our servers

Message to customers affected by the incident on one of our servers (SRV1)

On September 4th in the morning, the SRV1 server was the target of a sneak attack that paralyzed the services on this installation. An extremely sophisticated ransomware was inserted on the server which was quickly closed by our technicians, first temporarily, then definitively since it was irretrievable.

The whole team was mobilized so that the services could be restored as quickly as possible for all our clients hosted there. On the morning of September 6, everything was back online. The technical team then conducted a thorough manual review of all affected web sites to address some of the remaining issues.

What are the consequences?

Since the attack hit our most recent backups, we had to restore external backups, which was released on August 31st. This means that data added to the server between 1 September and 4 September could be lost, mainly files and emails (we had a recent backup of the databases, so most changes to the web sites will not have been lost).

The attack that struck is of a brand new type and many servers around the world are affected, whether small or large companies. We understand that loss of service is a major inconvenience for our customers. That’s why the team will be hard at work in the coming days and weeks to help you get the most data.

The good news?

We closed the server and everything started from the beginning with a brand new server! We also raised our defenses. Our server 2.0 is now faster, safer, more efficient, more user friendly and simply better!

Actions required from you

Administration board access passwords have been reset, an email should have been sent to you for this purpose. If you have not received it, contact us
We also recommend changing your passwords for all other services (email, FTP, MySQL, websites, etc.)
Let us know of any suspicious activity so that we can investigate

Questions and answers

Here are some of the questions we are most frequently asked about in this incident.

Has my data been compromised?

We have no evidence or indication that suggests sensitive data has been compromised or stolen. However, as a precaution, we suggest changing all your service or application passwords (emails, FTP, databases, WordPress users, etc.).

I think I lost emails, what to do?

If you think that you are missing important e-mails dated between the 1st and the 4th of September, you can send us a search request by our technicians. This request will be processed as soon as possible.
support@kajoom.ca
https://kajoom.ca/en/contact-us/

Is my computer compromised?

The attack only targeted the SRV1 server and its contents. We have no indication that workstations have been affected. However, we advise you to be extra careful about phishing e-mails or spam: do not open suspicious e-mails, as always!

UPDATE (2019-09-06)

We are pleased to announce that the server hit by the September 4th attack is now back online since 3:00 AM this morning. Emails have been restored since 8:00 this morning. Normally, everything should be back in order!

This is not the case?

However, there may be a delay of approximately 3-4 hours for some customers.
Our team of technicians is currently manually reviewing all affected websites. Some technical details may remain until this revision.

If you have additional questions, we invite you to contact us by e-mail or toll-free at 1-844-440-1001.

Check out our Facebook page or our website for news of the progress of the situation.