4 of my servers were hacked using the latest CyberPanel 2.3.6 version.
Thank God my most important server was using an outdated CyberPanel version and it is still safe.
So this DreyAnd person is a malicious and nasty person who did this for fame even providing a hack for script kiddies to exploit, what a nasty person he is. You’re not an ethical hacker, don’t fool yourself. You are nasty and I hope you get payback for what you did to thousands of users.
But the blame is on the CyberPanel team as well.
WHY WAS THIS NOT MEGA NEWS, AND WHY WERE WE NOT ALERTED???
THIS WAS NOT A BS update, this was a major root exploit
Sorry, but exploits and security issues happen with every software,
but the difference between good developers and bad developers is that good developers immediately warn their users and protect them, even auto-updating them.
I have installed the latest CyberPanel version but it’s the end of the road for me with CyberPanel.
What a joke
Even still, this isn’t front page news on cyberpanel you know?
I feel deeply disappointed with the development team behind CyberPanel. They were unprofessional in handling security vulnerability reports from experts, which allowed hackers to easily exploit those vulnerabilities to gain control of the servers. Although I made efforts to restore my system after more than 22 minutes of server downtime due to the coin miner malware, many websites are still not back online because of the ransomware.
There are two solutions: the first is to wait for security experts to find a way to decrypt your files affected by ransomware, and the second is that you may have to pay the hacker to obtain the key to recover your data.
The files marked with locked or encryp are not possible to decrypt.
The attackers used asymmetric encryption, which is not recoverable.
LeakIX checked this already with samples from the users.
Quote:
One of the groups, .locked, properly used asymmetric encryption to ensure recovery is impossible
The other group, .encryp, seems to use a binary that is still under analysis, but it seems they do asymmetric encryption as well and recompile the binary for each target
I have paid 2300USD, recovered 3 servers and the files, then hired a professional to scan and check each file properly, and I recommend you also check all your files using any good virus scanner, because they might have injected some suspicious files all around which might infect your system once again.
And then I said goodbye to CyberPanel.
Thank you, CyberPanel, for all of this.
I understand it is an accident, but you should have taken better steps before this.
You are correct. I have paid because I have data worth 5XX,XXX$ and these are very important for me. I paid and got them back, then hired someone from my location, and it took 2 days to check all the files and sanitize them. Then, using some antivirus tools, we scanned them, copied the files multiple times, and also scanned all the copies multiple times, and now I am using them in another panel.
If something like this happens again, then there is nothing to do; it might be my luck.