
Cyber Incident Victim: Managed.com

Date: Nov 2020

Location: United States of America

Summary

Managed.com, a web hosting provider, experienced a significant ransomware attack attributed to the REvil operation, leading to widespread service disruptions. The company proactively took its entire system offline to safeguard customer data integrity, resulting in prolonged website outages for clients and prompting some to migrate to alternative providers. REvil demanded a $500,000 ransom in Monero cryptocurrency for a decryptor, though it remains unclear whether data exfiltration occurred prior to encryption. The incident involved coordinated efforts by the ransomware-as-a-service group, known for high-profile attacks and substantial annual extortion earnings. Law enforcement was engaged during the response, with restoration efforts prioritized alongside threat mitigation.


Description

On November 16, 2020, Managed.com, a web hosting provider, experienced a coordinated ransomware attack attributed to the REvil operation. The company initially responded by taking a limited number of impacted customer sites offline to preserve data integrity. As the investigation progressed, Managed.com extended this precautionary measure by shutting down its entire hosting environment on November 17 to prevent further compromise. The outage affected client websites and hosting services, rendering them inaccessible. Managed.com publicly confirmed the ransomware incident that day, stating their technology and information security teams were actively working to neutralize the threat and restore full service capacity. The company engaged law enforcement agencies to identify the attackers but did not disclose technical details regarding the intrusion vector or specific compromised systems.


REvil ransomware operators demanded a $500,000 payment in Monero cryptocurrency in exchange for a decryptor, according to evidence shared with BleepingComputer. The attack caused sustained service disruptions, with client websites remaining offline for multiple days post-incident. This prolonged downtime prompted some customers to migrate their hosting services to alternative providers. Managed.com prioritized customer data security throughout the response but did not confirm whether attackers exfiltrated unencrypted files prior to encryption. REvil, identified as a Ransomware-as-a-Service operation active since April 2019, had previously executed high-profile attacks against organizations including Travelex and law firm Grubman Shire Meiselas & Sacks. The group publicly claimed annual extortion revenues exceeding $100 million. Managed.com's recovery efforts continued without public disclosure of restoration timelines or whether the ransom was negotiated or paid.
