Ransomware attacks can cripple a company’s operations, as we have seen in the many ransomware articles we have written here since 2017’s WannaCry. However, when a hosting provider becomes a victim, all of its customers are affected, especially when the file encryption is so severe that the only way to stop the malicious encryption process is to shut down the affected hosting servers. This is the scenario that A2 Hosting has been facing for the last 7 days.
Customers of A2 Hosting had their sites stored in individual VPS (virtual private servers), which are virtual machines running on top of real server hardware. The company also provides an easy-to-deploy WordPress plugin, which installs a clean copy of WordPress on the VPS, useful for quickly publishing content to a website without having to know the complexities of WordPress.
The shutdown of the VPS happened last April 23rd, and at the time of this writing these same VPS remain down until further notice from A2 Hosting. Unfortunately, many of A2 Hosting’s customers were business establishments that depend heavily on their websites being up in order to accept orders and facilitate transactions.
“My business and all my hard work have been gutted within eight days by a hosting company that clearly did not have robust security in place. Over the last eight days I have lost my Google [search] ranking which took me a year to achieve, and my customer base which was finally growing has been ruined,” said an anonymous customer who was outraged by the long downtime.
Another anonymous customer complained about the lack of transparency on the part of A2 Hosting, to the point that, operationally speaking, his company’s database is not accessible, to the horror of all his stakeholders. “Since the hack, A2 has provided zero information regarding my websites and database. I mean nothing, zero, zilch. I have been left to wait for an hour on hold calling support, to be told we understand your frustrations, but we cannot give you an ETA. They have this ridiculous update page, where nothing of substance is posted.”
It was later revealed that all A2 Hosting VPS running Windows Server were taken offline in a deliberate attempt to stop the infection rate from rising, as Windows hosts are the prime target of ransomware. Upon further inspection, the ransomware responsible was identified as GlobeImposter 2.0, which exploits Windows Remote Desktop Service. A2 Hosting’s Windows VPS with RDP enabled were infected by GlobeImposter, as the hosting company gives customers the capability to remote into their VPS.
Legally speaking, A2 Hosting is shielded by its own Terms of Service. That document, which all of its customers “Agreed” to, states that the loss of data is the responsibility of the customer. A2 Hosting will never be held liable for data loss, and all customers are expected to have a backup of the data uploaded to their VPS storage.