Digital marketing and web provider Cyanweb Solutions lost nearly all customer data and backups after a “criminal hacking incident” that compromised one of its servers last week.
The three-staff, Perth-based company provides web design, hosting, online marketing and search engine optimisation for around 500 clients. The company did not have offsite backups in place.
According to an advisory posted on its website, "A professional hacking group attacked, infiltrated the server and destroyed all data, including all available backup data.
"We highly suspect they were 'professionals', as at the time of the infiltration the server was being 'overloaded' (DDoS) by a highly suspicious range of sequential Swiss server IP addresses.
"Some Swiss servers are like Swiss bank accounts and are sometimes used by professional criminal organisations and other well-funded cyber terrorist groups," according to the post.
"While our server admin was distracted by the DDoS attack, the hackers simultaneously infiltrated the server, escalated their privileges and delivered a seek and destroy payload.
"This payload located and destroyed all backup disk drives using the 'DD' command, while running a super-fast encryption routine that encrypted all user accounts, while another routine sought out and deleted any core WordPress database tables using the default wp_ prefix.
"Once the infiltration was discovered by the then logged-in admin, the server was shut off immediately. Unfortunately, it was too late and only an estimated 12 percent of customer data survived the attack."
Chief executive Jonathan Huckabee apologised to customers for what he called a “worst-case scenario” and was encouraging all affected businesses to set up email forwarding to an alternate email address.
“We do understand how difficult and devastating this event is for everyone. We will contact you as soon as possible with full disclosure and options,” Huckabee said.
“Unfortunately there is nothing else we can do at this point in time and appreciate your understanding that this is a worst case scenario for everyone. Our priority is to get email flowing again and from there will be in touch with options.”
The company recommended that clients reach out to Perth IT providers ComWiz Computers and Qbit Computers, which appeared in the 2017 CRN Fast50.
Cyanweb has been unable to contact all affected clients because email addresses for many of the businesses were also destroyed in the hack.
"We understand you are upset, worried and some are getting angry. This has affected everyone badly and we are struggling ourselves to keep up and keep going," according to the advisory.
"We will not give up and will see this through. We are a three-person team facing the biggest disaster of our working lives."
At least one customer, automotive repair specialist ECUwest, confirmed through social media that its websites and email are down.
CRN identified around 20 companies whose websites were hosted on Cyanweb, most of them small businesses in Perth, including automotive mechanics, graphic designers, photography studios and architects. All of the websites were down over the weekend.
The diverse mix of clients includes the WA Polo Association, boutique law firm Murray Chambers and Seek Security Products, a distributor of thermal imaging technology.
One customer, who runs a small graphic design business, told CRN: "It’s definitely hit me hard but websites can be rebuilt... I’ve only lost five sites, goodness knows how many others have been affected. It’s totally unbelievable."
Updated 3.45pm Monday 2 July to clarify that Cyanweb Solutions is in no way related to separate company Perth Web Hosting.