Fasthosts left some customers without access to their backups for roughly six days – after it tore down systems it feared were vulnerable to the WannaCry malware.
The Brit web hosting biz confirmed to The Register that it pulled the plug on gear hosting some of its customers' online storage service last Friday. These systems were running Microsoft Windows Server 2003, which is no longer officially supported and is potentially susceptible to the WannaCrypt ransomware that did the rounds on Friday. In other words, worm smashes Server 2003 machines worldwide, Fasthosts pulls plug on Server 2003 hardware, customers go for days without access to online data.
The backup service was restored by Tuesday evening, UK time, after El Reg prodded the outfit for an explanation on Monday night, US Pacific Time. Some customers told us things were not back to normal until Wednesday morning, though.
"My client needs to access backups that are on their backup service to restore a critical application they are using," one customer told us earlier this week. "They have not been able to conduct their business during this unexplained outage – understandably, they are pretty pissed off."
Fasthosts said it was worried its server would be vulnerable to the panic-inducing ransomware that spread around the world on Friday and over the weekend, causing IT admins and executives alike major headaches. "Fasthosts had concerns over these particular accounts and proactively disconnected the service platform, to protect against the malware risk," a spokesperson told El Reg. "We can confirm that no compromise occurred."
The web biz wouldn't confirm the replaced gear was using Windows Server 2003, however emails it sent to customers, and seen by The Register, revealed the hardware was running an OS that hasn't been supported since 2015. The missive, sent on Tuesday at 5pm UK time, read:
On Friday 12th May we made the decision to take our dedicated backup service offline as a purely precautionary measure to protect against the well-publicised global malware attack.
The platform that you were previously using was built on Windows 2003 technology, and as such was vulnerable to the 'Wannacry' malware which hit various systems worldwide.
We can confirm that as a result of our actions the platform was not compromised and your back-ups remain secure.
As we take the security of our systems extremely seriously, we are retiring the Windows 2003 platform with immediate effect, and as a result we will be migrating your service to a new backup platform. As soon as the change has been made, your service will be available. You will simply need to update your backup password in your Control Panel, as well as adding the new platform IPs into your back-up scripts if necessary. We will let you know as soon as the migration of your service is complete.
Then once the service was apparently available again, using more recent software, believed to be Linux, customers were told:
We have now completed the migration of your Backup Service to our new platform. In order to start using your service again, you now need to log in to your Control Panel and update your backup folder password(s). You will also see the new backup server IP, which you will need to update any backup scripts you may have running.
All access rights that were configured on your previous backup folder(s) have been applied to the new server, so the same users that could access your old backup folder(s) will be able to access the new ones.
Fortunately, the new backup platform appears to be working. If there's a silver lining to this whole ordeal, it is that backup data previously hosted on a vulnerable machine is now running on a new, secured box, fingers crossed. Fasthosts claimed 82 customers were affected by the outage, however we believe those customers vary in size – for example, some are IT contractors for small businesses. ®