Understanding Ransomware: Why Hosting Companies Need a Robust Backup Plan

Ransomware attacks are a growing threat to businesses and individuals alike. These malicious attacks encrypt data, rendering it inaccessible until a ransom is paid. With the rise of AI and decentralized cryptocurrencies, ransomware attacks have become easier to implement and harder to trace. For hosting companies, the stakes are even higher, as these attacks can affect multiple clients simultaneously, leading to data loss, financial damage, and significant operational downtime. The good news is that JetBackup offers a reliable solution, ensuring that data can be quickly restored even during any attack, safeguarding business continuity and peace of mind for both the hosting provider and their clients.

JetBackup’s Solution: Keeping Data Safely Backed up

Most attacks come from customers not updating the latest security patches, poorly coded or vulnerable WordPress plugins, or lacking proper passwords and security protocols. This is where JetBackup restorations can recover from just about any cyber attack. With self-service backup scheduling and restoration, customers can restore backups instantly without needing assistance from support. In extreme cases, a full server restore via JetBackup may be required, which can be efficiently handled by the hosting technical team.

JetBackup’s Automated Security Options

Our partnerships with Imunify 360 and BitNinja add another layer of security for your clients. JetBackup can interact with these security plugins through specific hook points, allowing the security plugin to trigger JetBackup and automatically execute a file restore and/or lock the latest clean incremental account backup of the infected account to assure data protection. You can offer these services as added perks to your hosting plan or upsell them to your customers. 

Recovering from an attack with JetBackup: The Restore

A clear recovery plan is crucial in the unfortunate event of an attack. This guide walks you through a basic self-service step-by-step recovery plan and the process of using JetBackup to restore your data. From identifying the last clean backup to executing the recovery process, JetBackup simplifies the restoration process, helping them return to normal operations quickly and efficiently.

  1. Backup, Backup, Backup! The first step is scheduling backups. Suppose your website is mostly static, with occasional updates and no dynamic content or shopping cart features. In that case, we suggest weekly backups or at least a backup each time content is published, weekly, bi-weekly, etc. If your website is dynamic, has content published daily, or is a membership/e-commerce website, we suggest daily or multiple daily backups.  
  2. Once we know our backup plan, we must choose where to store these backups. All backups should be stored outside the hosting server for security and server stability. Daily and weekly backups can be safely stored in an S3 cloud environment. A monthly/bi-monthly disaster backup should be stored on an alternative source like Dropbox or downloaded directly to your computer. By default, most hosting company backups are daily and are retained for no longer than three weeks. This is why self-service backups are an important feature.
  3. Now that we are backing up, we should investigate all the security measures for our website software needs, such as firewalls, bot protection, etc.  Taking proper security measures can help make sure we never have to face the following steps.
  4. Your website has been hijacked. The first step—don’t panic—JetBackup is here! Start by securing the server, opening your control panel/hosting/domain, and blocking all IPs other than your own. We want to ensure the hacker cannot access the site while we do the restoration. 
  • Next, we must log in to the control panel (cPanel/DirectAdmin, Plesk, Interworx, JetBackup on Linux) and open JetBackup.
  • In JetBackup, we go to the restore section and find an uncompromised backup. Our main goal is to find a working website version before it was hijacked. A full restore using “Terminate before restore” is suggested for absolute certainty. Still, you can start with the home directory and database, as these are normally the main items involved in an attack, but make sure to scan the directory for any nefarious files. 
  • Once the website is restored, log in to your site and ensure that no new users with admin access you did not approve are in the system – the hacker could easily have created an admin account. The hacker could have compromised your website login and admin password, so change them immediately. Next, review any plugins or extensions on your website, ensuring they are up to date and have no vulnerabilities. If you need help testing third-party scripts and plugins for security, hire a pro before taking your site back online!
  • Now that you have restored the website unblock the IP addresses and monitor the incoming traffic, identifying any bots trying to attack it. We suggest doing a full security audit during the next 48 hours, documenting the time and date of the hack to the best of your knowledge, and being better prepared for the next attack.

Closing thoughts

While it’s impossible to be utterly immune to cyber attacks in today’s digital age, having a solid backup plan with JetBackup ensures that our data is secure. With JetBackup, recovery is just minutes away, allowing us to bounce back and maintain our digital presence quickly.