Now that the dust has settled somewhat, we would like to take a moment to come clean with regard to the outage we experienced last December. We value the trust of our customers above all, and in the interest of transparency, we feel we should lay out the facts regarding what happened, and what we’re doing to ensure nothing like this happens again.
On Friday, December 13th, 2019, South Valley Internet was the victim of a ransomware attack. Nake, one of our web hosting servers, was breached, all its backups were deleted, then all the files were encrypted and held for ransom. No other systems or servers were affected.
After attempting to restore what data we could, we decided it would be in the best interest of our customers to go ahead and pay the ransom. After doing so, we received the decryption key and were able to decrypt the files successfully.
However, it then became apparent that a handful of databases became corrupted during this process. SVI engineers proceeded to work day and night alongside expert consultants to repair the damage, and were successful in restoring the majority of our customers’ data, but unfortunately, some files were damaged beyond repair.
Although we haven’t determined the exact vector used by the attacker, SVI engineers suspect it was a vulnerability in some outdated application code used by one or more customer sites. While we cannot police the code used by our customers, we have further hardened our environment by adding extensive firewalls and brute-force monitoring hardware and software to make certain this does not happen again.
We have also enhanced our backup policies to include offsite/offline backups of all files and databases. The server OS and core applications have also been updated. From now on, SVI will be much more proactive in updating programs and patching vulnerabilities.
In the coming months, we will also be updating software such as PHP and WordPress to the latest versions on all customer sites. We regret this may involve some changes for customers relying on outdated versions. However, these updates are absolutely necessary to ensure server security and to prevent future outages due to vulnerabilities in outdated code.
We sincerely apologize to customers who lost data in the breach, and to everyone affected by this unfortunate series of circumstances. Ransomware attacks have become more and more frequent, and their effects have become more costly and dangerous. Many cities, hospitals, library systems, governmental agencies, universities, and Fortune 500 companies have fallen victim to these attacks, which continue to become more sophisticated.
Please be assured we are employing best-of-breed products and practices, and doing everything possible to ensure the safety of your data. Thank you for your continued loyalty and support. We value every one of our customers and work tirelessly to provide the best service we possibly can.