Clients of Internet Solutions’ hosting services have told MyBroadband that attackers breached their servers and infected them with ransomware, encrypting their data and demanding money to get the decryption key.
Other clients said that they noticed other troubling activity prior to IS disclosing the problem, as if there were attackers roaming around inside the network.
In addition to deploying ransomware, people with servers and virtual servers in Internet Solutions said they detected exploitation toolkits, including remote access trojans, being deployed on machines.
However, Internet Solutions has denied that it has suffered a data or security breach.
“The infrastructure layer has not been compromised by malware or remote access trojans, but rather [it is] a matter of irregularities [which were] detected by our internal monitoring systems on certain hosting services,” IS CTO Kervin Pillay told MyBroadband.
Pillay said that the “irregular activity” they detected is still under investigation.
“We are unable to comment on behalf of our clients as to whether they have been compromised outside of IS systems control,” Pillay said.
Internet Solutions recently sent out a notice to its hosting customers to warn them about the breach, and urged them to change their passwords and take additional steps to secure their servers.
The notice was signed by Pillay and informed clients that Internet Solutions detected “irregular activity” in the following environments:
- Cloud Virtual Services
- Standard Virtual Machine
- Virtual Data Centre
- Leased Server
There was no “irregular activity” in its Cloud Virtual Machine and Ignite Cloud Server environments.
Pillay told clients in the notice that they should change the password for each virtual and physical machines hosted in Internet Solutions’ data centres.