‘Web Hosting Canada’ (WHC) is currently dealing with a major incident impacting the availability of its services and asks the customers for patience as they work to resolve the problem. The firm has characterized the situation as “serious” since the first moment they made this public on Saturday. Yesterday, they returned with an update to inform their clients that the initial data recovery process through backups has failed.
In response to this emergency, WHC launched a temporary hosting account in the Client Area, calling it “LifeBoat,” urging customers to use this account, upload all website data to the new space, and update their domain’s DNS accordingly until the underlying problems are dealt with. These accounts will remain available and free of any charge until at least January 1, 2022. Until a more permanent solution is implemented, this should be considered the official solution.
Although the word ‘ransomware’ is nowhere to be found in WHC’s announcement or updates, having data wiping incidents that also include backup servers sound very close to the standard operating practice of most ransomware gangs today. Also, the time of the attack, which unfolded over the weekend, is typical of when ransomware groups like to move, finding IT teams understaffed and unable to properly contain a mass-encryption incident.
Still, we weren’t able to find any relevant announcements on the most active Tor sites, so it’s either too early for publishing a threat there, or the WHC is dealing with a different kind of problem. Possibly it could be physical damage on its servers, a massive blunder in configuration, a disgruntled employee, a revengeful former employee, and other scenarios. Some parts of the announcement make it sound like electrical damage or a fire incident, but it’s not clearly communicated, so anything goes.
The restoration process hasn’t been abandoned, even if it’s still progressing slowly. By the end of the day, it is expected that the percentage will reach an average of 50%. It has been clarified, though, that the damage is heavy for some servers and the likelihood of restoring account data from there is very low. WHC has engaged with data recovery experts to attempt to restore data from the source server, but this will take a very long time, possibly several months.
This is another reminder of why keeping your own local backup of your website and files is key, as those who have one available can now give it to WHC and have everything transferred to a new server immediately, continuing their work as if nothing has happened. If you don’t, it’s the “LifeBoat” path for you.