Status Update

Discussion in 'Announcements' started by Tim, Jun 3, 2017.

  1. Tim

    Tim Owner Administrator

    As you all know, our machine became the victim of a ransomware attack on Wednesday. This caused all of the files on our machine to be encrypted. All of them, even GModZ. Even our backup files were encrypted. Hours after the attack, there was no hope of us recovering. The method of encryption was too new and no one has found a solution to decrypt this method of encryption yet. There were two options here. We could restore a server backup from last November that I had saved or we could pay the ransom. The ransom was 1 bitcoin, which was roughly $2,400. After researching the topic, I learned that even after paying the ransom, most attackers never decrypted the files and the victims were now without their money and their files.

    Thursday night, John and I decided to take the chance and pay the ransom. There was too much data loss to recover from this. It was a huge risk. Luckily for us, the attackers wanted to create a legitimate business out of this. We were emailed several tools to decrypt the files. After hours of decryption tests and waiting for replies from the attackers, we've successfully managed to decrypt most of the files on the machine. While there was a large amount of data corruption, the server files for TDRP were recovered. The only data loss we experienced was roughly 1 hour. The attack occurred at 2pm on Wednesday May 31st. The live MySQL databases were corrupted. Luckily, our hourly MySQL backups were recovered, allowing us to roll back to 1pm on May 31st.

    This was a huge security lesson for us. We're working on getting systems in place to store offsite backups to prevent an event like this from occurring again. Along with that, we're tightening our security measures.

    I apologize for the lengthy downtime. We're currently waiting on our hosting provider to format the hard drive and install a clean OS on the machine. I'm expecting the server to be back up and running tomorrow afternoon. I'm just glad we're going to be able to bring everything back online.

    I look forward to seeing everyone back in-game!

  2. Levande

    Levande 猫叉Master VIP

  3. Sir Ding

    Sir Ding Adept

    Um, what now?
  4. JibzZ

    JibzZ Retired Management VIP

    Hallelujah!!! Thank God the attackers kept their word. Tim, can't thank you enough for putting all of that money on the line man. It just goes to show how dedicated you are to this server. I hope to see everyone in-game tomorrow!!!
  5. Tim

    Tim Owner Administrator

    The attackers were very polite. When we ran into trouble with their decrypting software, we were forwarded to their programming technician who really helped us out! :) Five stars for sure.
    • Agree x 4
    • Winner x 1
  6. Infinity.exe

    Infinity.exe Experienced

    Fuck yea!
  7. Lena Oxton

    Lena Oxton Adept VIP

    You do realize that paying attackers like that just simply makes it more probable for them to keep attacking? It's motivation.
  8. It's a felony....... "Legitimate business"
  9. Dak

    Dak TDRP's MLK VIP

    We got the server back
  10. JibzZ

    JibzZ Retired Management VIP

    That's all that matters right now.
  11. Lena Oxton

    Lena Oxton Adept VIP

    Yes we did. Now someone else is going to get hit more than likely. Hell, what's to say we won't get hit again.
  12. Dak

    Dak TDRP's MLK VIP

    now proper precautions are being taken
  13. Kwoon

    Kwoon Rice Boy Management

  14. Tim

    Tim Owner Administrator

    Did you want to play TDRP or not? Obviously we knew how terrible it was, but it was our only option to restore our previous data. Now that we've resolved the issue, we'll report the information we do know about the attackers to the proper authorities.
    Last edited: Jun 3, 2017
  15. Gretzky

    Gretzky Event Manager VIP

    Wow surprised they actually went through and gave the data back
  16. Levande

    Levande 猫叉Master VIP

    They had to otherwise they would be scamming and risk being banned. awoo~!
  17. Nota

    Nota Retired Server Management VIP

    Looking forward to seeing many of you tomorrow!
  18. thanks for the money im an elit e hacker from pakistan and you just got trickle dickled


    Glad you got (most) of the information back. Hopefully some 12 year olds buy Donor so you can recuperate your loss.
    • Winner x 2
    • Funny x 1
    • Informative x 1
    • Friendly x 1
    • Useful x 1
    • Optimistic x 1
  19. Glover

    Glover Get out of here S.T.A.L.K.E.R VIP

    Good to see the server getting back on its feet

    Don't you have to re-edit the scripts and files?

    Last edited: Jun 3, 2017