On Monday morning around 4am the PradoPoint site was attacked. The attack occurred due to a zero-day vulnerability.
There are several articles online detailing the severity of the issue.
Normally when vulnerabilities are found in software (by security researchers or ethical hackers), the vendor is notified and releases a patch before the exploit is made public.
Unfortunately this was not the case: the exploit was published, many vBulletin sites were breached, and only then did vBulletin release a patch.
The attacker deleted the entire database. A bitcoin ransom was requested to return the database.
During my analysis of the server, I found no evidence that it was copied or backed up - only that it was deleted.
The most recent backup I had is just over a month old.
The impact is that we have lost last month's data from the site plus the time and effort required to restore and clean the server.
Moving forward I now have complete server backups running every 12 hours on continuous rotation. The site has been upgraded to include the latest version and the patch released a few days ago.
I see this as not only another bump in the road but an indication that PradoPoint is still here after all this time and will continue no matter what comes up.