Is Internap trying to conceal the full effects of a ransomware attack?
>
Cloud and data giant Internap (INAP) has faced a ransomware attack that caused a shutdown of its email, database and website services.
Despite very little information online, the attack took place between 2:11 a.m. CDT and 5:41 a.m. CDT on Sept. 28, before being discovered by a support engineer at 8:00 a.m. CDT.
But interestingly, the report of the ransomware attack was later removed from INAP’s Operational Transparency Incident Report page (opens in new tab).
Secret ransomware attack
Using the Internet archiving tool Wayback Machine, the incident reported earlier on the INAP page stated that the company’s incident reporting team was able to determine the cause and the attack vector used.
Despite the incident being resolved, INAP was unable to restore its customers’ services due to the attack and as a result, the company will not launch a multi-tenant website, database, web hosting (opens in new tab) and email hosting (opens in new tab) services, according to the report (opens in new tab).
This means that customers who are not external backup software (opens in new tab) have lost their services.
“We will terminate these multi-tenant hosting services and remove the charges from your account with immediate effect. The multi-tenant “GuestDNS” service is unaffected, and you can continue to create any DNS (opens in new tab) changes via the control panel,” said INAP.
“Our recommended path forward is to recreate all affected services on a bare metal server and upload your data from your local copies, if available.”
Currently, the most recent incident reported on INAP’s operational transparency page is the replacement of a failed top-of-rack switch at the Chicago data center, affecting customer systems in those cabinets, resulting in 30 minutes loss of public network connectivity.
TechRadar Pro has contacted INAP for more information about the incident, but the company has not yet responded.