It woz ransomware wot did it: ConnectWise spills beans on cause for day-long outage

A customer email from biz automation outfit ConnectWise has revealed that a ransomware attack was to blame for an outage which crashed its systems for a whole day earlier this month. At 7.30am on Friday 3 May, the firm's security systems warned that some SQL servers on the EU/AWS cluster were unavailable. Closer examination …

  1. Pascal Monett Silver badge

    What a shame

    "In order to reduce the possibility of a repeat attack, ConnectWise has added an extra layer of authentication for all users and added shored up security between the SQL clusters and the rest of the environment."

    Isn't it too bad that security is such a nuisance? Only when the miscreants actually get through does anyone accept to actually lock things down the way they should be.

    Don't tell me that this "extra layer of authentication" was a genius moment, it was the layer that was lacking in the first place.

    Hey, on my home network I don't have much authentication going on either - but I'm only responsible for my personal data, not for thousands upon thousands of clients.

    Security - you do it right, or you pay the price. In this case, apparently, they got lucky. That is far from being the usual.

    1. Korev Silver badge

      Re: What a shame

      I'm more impressed by an organisation that admits it has screwed up and is taking active steps to fix things than somewhere that just denies there's a problem.

      1. Rich 11 Silver badge

        Re: What a shame

        A 10% rebate to customers is a small price to pay to avoid getting a bad reputation.

        Let's hope other companies follow their lead. And learn from the security hole.

  2. Anonymous South African Coward Silver badge

    ConnectWise will in future take a snapshot of "the transaction log backups each hour to reduce the recovery point in the event the transaction logs are compromised".

    And what if the snapshots themselves are also compromised?

    1. Alister Silver badge

      It's snapshots all the way down...

    2. MJB7 Bronze badge

      Re: what if the snapshots themselves are also compromised?

      Then you are back to the daily backups.

      I think they did quite well:

      • Admitted there was a problem
      • Had working backups (not a given)
      • Added an additional step to make it less likely in future
      • Added an additional step to make it less serious in future
      • Gave a (small) discount

    3. Anonymous Coward

      If the snapshot storage area is writable by any other user than the SQL server ID and the backup system ID, your competence is somewhat questionable.

  3. TsVk!

    fuck up done right

    Seems like they did a pretty good job recovering from what could have been a devastating attack. Bravo.

