Message to customers affected by the incident on one of our servers (SRV1)
On September 4th in the morning, the SRV1 server was the target of a sneak attack that paralyzed the services on this installation. An extremely sophisticated ransomware was inserted on the server which was quickly closed by our technicians, first temporarily, then definitively since it was irretrievable.
The whole team was mobilized so that the services could be restored as quickly as possible for all our clients hosted there. On the morning of September 6, everything was back online. The technical team then conducted a thorough manual review of all affected web sites to address some of the remaining issues.
What are the consequences?
Since the attack hit our most recent backups, we had to restore external backups, which was released on August 31st. This means that data added to the server between 1 September and 4 September could be lost, mainly files and emails (we had a recent backup of the databases, so most changes to the web sites will not have been lost).
The attack that struck is of a brand new type and many servers around the world are affected, whether small or large companies. We understand that loss of service is a major inconvenience for our customers. That’s why the team will be hard at work in the coming days and weeks to help you get the most data.
The good news?
We closed the server and everything started from the beginning with a brand new server! We also raised our defenses. Our server 2.0 is now faster, safer, more efficient, more user friendly and simply better!
Actions required from you
- Administration board access passwords have been reset, an email should have been sent to you for this purpose. If you have not received it, contact us
- We also recommend changing your passwords for all other services (email, FTP, MySQL, websites, etc.)
- Let us know of any suspicious activity so that we can investigate
Questions and answers
Here are some of the questions we are most frequently asked about in this incident.
Has my data been compromised?
We have no evidence or indication that suggests sensitive data has been compromised or stolen. However, as a precaution, we suggest changing all your service or application passwords (emails, FTP, databases, WordPress users, etc.).
Is my computer compromised?
The attack only targeted the SRV1 server and its contents. We have no indication that workstations have been affected. However, we advise you to be extra careful about phishing e-mails or spam: do not open suspicious e-mails, as always!