Why were we not warned through every possible means?

4 of my servers were hacked using the latest cyberpanel 2.3.6 version

Thank God my most important server was using an outdated Cyberpanel version and it is still safe.

So this DreyAnd person is a malicious and nasty person who did this for fame even providing a hack for script kiddies to exploit, what a nasty person he is. You’re not an ethical hacker, don’t fool yourself. You are nasty and I hope you get payback for what you did to thousands of users.

But the blame is on Cyberpanel team as well

WHY WAS THIS NOT MEGA NEWS, AND WHY WERE WE NOT ALERTED???

THIS WAS NOT A BS update, this was a major root exploit

Sorry but exploits and security issues happen with every software

but the difference between good developers and bad developers is that good developers immediately warn their users and protect them, even auto-updating them.

I have installed the latest cyberpanel version but it’s the end of road for me with cyberpanel.

What a joke

Even still, this isn’t front page news on cyberpanel you know?

HELP YOUR USERS!!!

4 Likes

Cyberpanel is dead.

My,
Hundreds of sites not loading. 400GB+ data blocked.
All files locked and encrypted.
What can I do now? Any idea?

Thank You.

I feel deeply disappointed with the development team behind CyberPanel. They were unprofessional in handling security vulnerability reports from experts, which allowed hackers to easily exploit those vulnerabilities to gain control of the servers. Although I made efforts to restore my system after more than 22 minutes of server downtime due to the coin miner malware, many websites are still not back online because of the ransomware.

1 Like

There are two solutions: the first is to wait for security experts to find a way to decrypt your files affected by ransomware, and the second is that you may have to pay the hacker to obtain the key to recover your data.

The files marked with locked or encryp are not possible to decrypt.
The attackers used asymmetric encryption, which is not recoverable.
LeakIX checked this already with samples from the users.

Quote:

  • One of the group .locked properly used asymmetric encryption to ensure recovery is impossible
  • The other group .encryp seem to use a binary that is still under analysis, but it seems they do asymmetric encryption as well and recompile the binary for each target

How can I upgrade to non effective version?

I paid 1200 dollars to recover my data((( I think the developers should reimburse me for all costs incurred

it’s possible to decipher if you pay

Hello

I have paid 2300USD 🙂 recovered 3 servers & the files, then hired a professional to scan and check each file properly, and I recommend you also check all your files using any good virus scanner, because they might have injected some suspected files all around which might infect your system once again.

And then I have said GoodBye to Cyberpanel.

Thank You Cyberpanel, for all of this.
I understand it is an accident, but you should have taken better steps before this.

2 Likes

Time to say goodbye to this shitty panel.

2 Likes

no accident, we were duped into not being notified of a critical error.

1 Like

Yes, You are right also.

But my question is: why don’t they have an auto-update option? For security issues they should use an auto-update type system?

This is totally the worst scenario. 3 days no sleep, I don’t know how I am typing. All thanks to cyberpanel.

2 Likes

Likewise, my friend, likewise.

1 Like

I suggest cyberpanel start writing a decryptor. At least try to do it.

Please write to me. Your experience with decoding is interesting. telegram: @cloverstas

Hello aleksandr, can you recommend an expert that can fix this issue? I’m still facing this problem.

I don’t suggest giving money to these sc*mbags!! For several reasons:

  1. There is no guarantee that they will give you the files back without a backdoor in it.
  2. Also, as long as you have an insecure cyberpanel, they or another group can continue to hack.
  3. As long as people pay these sc*mbags they will get encouraged and try to do even worse
  4. YOU ARE GOING TO BE PAYING SC*mBAGS!!! You never pay the bad guys

Starting fresh or using an old backup is far better than paying these lowlifes. Seriously.

Hello

You are correct. I have paid because I have data worth 5XX,XXX$ and these are very important for me. I have paid and got them back, then hired someone from my location and took 2 days to check all files and sanitize them. Then, using some antivirus tools, we scanned them, copied the files multiple times, and also scanned all the copies multiple times, and now I am using them in another panel.

If something like this happens again, then nothing to do, it might be my luck.

1 Like

Not right. Number 3 solution: recover from your backup.