{"id":5046,"date":"2019-09-05T14:15:24","date_gmt":"2019-09-05T18:15:24","guid":{"rendered":"https:\/\/kajoom.ca\/uncategorized\/kajoom-release\/"},"modified":"2019-09-12T18:14:31","modified_gmt":"2019-09-12T22:14:31","slug":"kajoom-release","status":"publish","type":"post","link":"https:\/\/www.kajoom.ca\/en\/general-announcements\/kajoom-release\/","title":{"rendered":"Follow-up of the incident on one of our servers"},"content":{"rendered":"

Message to customers affected by the incident on one of our servers (SRV1)<\/strong><\/p>\n

On September 4th in the morning, the SRV1 server was the target of a sneak attack<\/strong> that paralyzed the services on this installation. An extremely sophisticated ransomware was inserted on the server which was quickly closed<\/strong> by our technicians, first temporarily, then definitively since it was irretrievable.<\/p>\n

The whole team was mobilized<\/strong> so that the services could be restored as quickly as possible for all our clients hosted there. On the morning of September 6, everything was back online. The technical team then conducted a thorough manual review<\/strong> of all affected web sites to address some of the remaining issues.<\/p>\n

What are the consequences?<\/h2>\n

Since the attack hit our most recent backups, we had to restore external backups, which was released on August 31st. This means that data added<\/strong> to the server between 1 September and 4 September could be lost<\/strong>, mainly files and emails (we had a recent backup of the databases, so most changes to the web sites will not have been lost).<\/p>\n

The attack that struck is of a brand new type<\/strong> and many servers around the world are affected, whether small or large companies. We understand that loss of service is a major inconvenience for our customers. That’s why the team will be hard at work<\/strong> in the coming days and weeks to help you get the most data.<\/p>\n

The good news?<\/h2>\n

We closed the server and everything started from the beginning with a brand new server<\/strong>! We also raised our defenses. Our server 2.0 is now faster, safer, more efficient, more user friendly and simply better!<\/p>\n

Actions required from you<\/h2>\n
    \n
  1. Administration board access passwords have been reset, an email should have been sent to you for this purpose. If you have not received it, contact us<\/li>\n
  2. We also recommend changing your passwords for all other services (email, FTP, MySQL, websites, etc.)<\/li>\n
  3. Let us know of any suspicious activity so that we can investigate<\/li>\n<\/ol>\n

    Questions and answers<\/h2>\n

    Here are some of the questions we are most frequently asked about in this incident.<\/p>\n

    \n

    Has my data been compromised? <\/span><\/span><\/span><\/p>

    We have no evidence or indication that suggests sensitive data has been compromised or stolen. However, as a precaution, we suggest changing all your service or application passwords (emails, FTP, databases, WordPress users, etc.).<\/p>\n <\/div> <\/div> <\/div><\/section>\n

    I think I lost emails, what to do? <\/span><\/span><\/span><\/p>

    If you think that you are missing important e-mails dated between the 1st and the 4th of September<\/strong>, you can send us a search request by our technicians. This request will be processed as soon as possible.
    \nsupport@kajoom.ca<\/a>
    \n    https:\/\/kajoom.ca\/en\/contact-us\/<\/a><\/p>\n <\/div> <\/div> <\/div><\/section>\n

    Is my computer compromised? <\/span><\/span><\/span><\/p>

    The attack only targeted the SRV1 server and its contents. We have no indication that workstations have been affected. However, we advise you to be extra careful about phishing e-mails or spam: do not open suspicious e-mails, as always!<\/p>\n <\/div> <\/div> <\/div><\/section>\n<\/div>\n\t

    \t\t
    <\/p>\n

    UPDATE (2019-09-06)<\/h3>\n

    We are pleased to announce that the server hit by the September 4th attack is now back online since 3:00 AM this morning. Emails have been restored since 8:00 this morning. Normally, everything should be back in order!<\/p>\n

    This is not the case?<\/p>\n