Belts and suspenders, eggs in one basket, backup plans, and A2Hosting ransomware!

Photo by docoverachiever
The popular A2Hosting company is struggling with a ransomware attack that’s knocked quite a few of their Windows-server clients offline. While we’ve recommended A2Hosting to some of our WordPress clients we direct them to Linux hosting so they’re unlikely to have been affected by this attack.
Ugh! Ransomware is a serious problem for smaller ISPs and hosting providers. I’ve briefly mentioned ransomware before, but a few years ago one of my clients’ small local host went down, taking literally their entire enterprise with it. The owners of the hosting company literally couldn’t afford the ransom — it was multiple times their annual revenue — so they just gave up. My client and every other client of the hosting company was simply gone — no on-site backups, no access to DNS records, domain registrations, email, archives, NOTHING! My client’s online presence had completely disappeared!
And as we all know, ransomware exploits typically wait 3-6 months after infection before performing a lockout to ensure that all reasonable backups are also toast.
This wasn’t one of my maintenance clients but I did occasional work for them and always make and retain my own backups. And their IT service had backups of all their email. But it took days to re-acquire their domain from ICANN and get them back online with a new (not-so-small) hosting company.
Kind of daunting to realize a company as large and generally savvy as A2 is also vulnerable!
All the more reason every business website owner should
- Register your domain with one company
- Host your email with a different company (probably Google or Microsoft or someone else REALLY big.)
- Host your website with a third company
- Make and keep offsite, isolated backups out the wazoo, including backups of your DNS settings, FTP/SFTP paths, etc.
- DON’T rely solely on 30-day backup schemes, not from your host and not even from 3rd-party backup providers.