Managed.com is one of the largest providers of web hosting services. In November 2020, it fell victim to a ransomware attack, called “REvil.”
In a ransomware attack, hackers hold your website content hostage until you pay a ransom. Most often, once the ransom is paid, the data is freed. A report by Cyber Insurance Claims showed that cyberattacks have risen sharply in frequency and severity in the last 2 years.
The managed.com attacker demanded $500,000 from managed.com to release the sites, which may have included Hannibal Regional Medical System.
The week before Thanksgiving, Sara Swisher, marketing specialist at Hannibal, sat down at her computer to do her usual website maintenance on the Hannibal Clinic website and had a scary surprise: the website didn’t load.
“All I saw was a pop-up message that said, ‘the connection has timed out.’” Sara recalls. “I kept trying, but it didn’t work. And then I started to worry.”
About Hannibal Regional Healthcare System
Hannibal Regional Health System, based in Hannibal, Missouri, operates 8 websites for its hospitals, clinics, and cancer center. The possibly-kidnapped websites did not contain any patient information, so thankfully, no privacy was violated and no confidential information corrupted.
Hannibal staff breathed a small sigh of relief, but they wanted its patients to know that medical services were uninterrupted. The website was still missing, and they understood that the website is an essential tactic to reflect its thriving medical practice. A study by Stanford University showed that 75% of users judge a company’s credibility based on its website’s design.
As fate would have it, Sara and her team already were working with LRS Web Solutions to redesign Hannibal’s websites when the ransomware attack occurred.
Initially, Managed.com told its customers that they were offline due to an “unscheduled service interruption.” The next day, the company admitted that all its sites, in more than 110 countries, were shut down as a precautionary measure. “They didn’t know how many sites had been affected,” Sara says.
Typical ransomware attacks can take weeks or months to resolve. For Hannibal Regional Health Systems, waiting weeks to get their health care sites back online was not an option. Sara requested help from managed.com, but she wasn’t getting a response. “We were all saying, ‘Well, now what?’ ”
So Sara asked LRS Web Solutions for help. LRS provides hosting services, as well as website design and development.
The Strategic Move That Saved the Day
Within minutes after Sara's plea for help on the morning of Wednesday, Nov 18, Josh Cuzzort, Customer Support Team Lead at LRS Web Solutions, began the rescue effort.
“Luckily, we had done a backup of Hannibal’s web files and databases to our LRS servers in September, in preparation for the website redesign,” Josh says. Restoring that backup was one of the solutions offered to Hannibal, says Bill Goldsberry, Manager of LRS Web Solutions, Sales and Development. “We sent them several solutions before noon.” The Hannibal team agreed that using the existing backup would be the quickest course of action.
“Rather than rebuild the site from scratch, we were able to use the backup to get Hannibal back online in hours instead of days or weeks,” Josh says.
“Rather than rebuild the site from scratch, we were able to use the backup to get Hannibal back online in hours instead of days or weeks.”
-Josh Cuzzort, Customer Support Team Lead
With a quick proof of concept and files transferred to a private, dedicated, secure hosting server, the LRS team, including Josh, Bill, and Erik Johnson, had the Hannibal Regional website back online within 6 business hours, with most of the work being done in just 2 hours on the morning of Thursday, Nov. 19.
“It was great to see we had a website again. The whole process happened really fast.” Sara says. “We were really relieved when it came back online.”
Hannibal’s eight websites are now functioning and secure, and the website redesign is moving forward on schedule.
The source of the REvil attack was still not known at the time of this writing, but Managed.com is working with authorities to determine the origin. “In a shared hosting environment like managed.com, sites may not have been locked down like they should have been,” Josh says.
“A ransomware attack from such a large, trusted company like Managed.com is a profound breach of trust,” says Bill. “We are grateful for the trust Hannibal has shown in us. I’m proud of our team who got the site back up so quickly.”
Worried about your website security? Ask us for a website security consultation.
TIPS TO AVOID A RANSOMWARE ATTACK
1. Backup your website files
Regularly download your entire web files to a dedicated backup system or hard drive. Your web developer or hosting provider may be able to do this for you.
At LRS, we perform regular backups of databases and site files. maintain offsite backups of the websites we host for an added layer of security.
Our backup routine includes nightly, weekly, and monthly backups for clients.
To strengthen security, for clients serving primarily US customers, we lock down our hosted website access to the U.S. only. The restriction can be lifted upon request.
“We are also investigating, a way for clients to do this themselves manually when they choose within our CMS, LRS Antilles,” Josh says. “With our shared hosting plans, security and permissions are in place to isolate websites. That way, if there are issues, the attack wouldn’t affect every site we manage.”
2. Ask your hosting provider about Security Patches
Not all hosting providers give the same level of service. If you don’t have an in-house IT team capable of managing a hosted environment, be sure you’re using a hosting company with a fully managed solution.
At LRS we offer a fully managed hosting solution that includes server updates, security scans, and stringent firewall rules. “We apply security patches, and we isolate our websites so it doesn’t affect other sites in the shared hosting environment,” Josh says. “We make sure our web servers are not vulnerable.”
3. Untrusted Emails and Email Phishing
Be wary of emails from unknown sources and never download a file if you don’t know what it is and who it is from. If an email looks suspicious, don’t hesitate to question it even if it appears to be from a co-worker, supervisor or company executive. Email phishing scams can appear to be very real so it’s important to have your guard up.
4. Email scanning and security
Make sure your email provider is using tools to protect your inbox. E-mail scanning and filtering can stop an attack by blocking emails before they ever make it to an employee mailbox.
5. Stay up to date
It’s important for all devices on your network to be up to date with the latest software updates. Have a policy in place for your company devices to automatically install updates.
Contact our team at LRS Web Solutions; we can help make sure your site is protected.
Help Me Avoid a Ransomware Attack