The ongoing cyber war may affect you too, get ready for it!

[gtranslate]

We publicly condemn the invasion of Ukraine by Russian armed forces, which is currently accompanied by strong cyber-attacks by Russia.

The current war is not only a war of arms, but it is also a cyber war that can affect you. We have made the following key recommendations:

Groups are organizing on the Internet to fight in cyberspace. This creates other impacts that can affect you too. Strong DDoS attacks are already underway and we expect them to get stronger and stronger. We also anticipate attempts to hack or delete data.

Backup

Now your data (and backups) are the most valuable thing you have. Consider anything that is not backed up (ideally off the internet) as (potentially) lost. Given the current events, we strongly recommend keeping at least 1 copy of your backups offline. By offline backup, we mean a copy of the data that is not on a machine or storage that is connected to the Internet (or rather, to a computer network).

We don’t know what will come in the next few days. Russia has used a brand new malware called HermeticWiper in Ukraine to delete data. According to the National Institute for Cyber Security (NICS), this malware is already active in Lithuania and Latvia. The next target could be the Czech Republic and you and your data.

It is important to remember that any hosting system can be attacked and the easiest and fastest thing an attacker can do is to delete both live and backup data. Such cases have already happened to several hosts in the history. And now the risk is growing because we do not know how the Czech Republic will engage in helping Ukraine. The more we help and the more Russia is backed into a corner, the more it can retaliate this way too

Considering how the Internet is built and how many bottlenecks it has, a massive cyber attack could easily paralyze the entire Czech Republic for days or weeks. And we tell you this quite frankly as a company that has one of the best DDoS protections in the Czech Republic and has withstood the strongest DDoS attack in the history of the Czech Republic. By the way, last week (from 18.02 to 19.02.2022) we withstood another very strong attack and this week we were repeatedly under a large number of extremely strong DDoS attacks (article with details is in preparation).

We challenge you! Back up all the data you have with us. It’s in your best interest to consider our precautionary warnings as professional advice from people who have been in the business for 25 years.

Back up online and offline

Back up all your data. Not only the data on your computer, but also the data on our web hosting, databases and emails. Also back up the data you have stored in a virtual (or dedicated) server that you have rented from us.

Keep multiple copies of your backups online (cloud, remote storage) and offline (external drive). You can use our WEDOS drive as remote storage for online backup. But don’t just rely on him! Make more backups. Back up your data to yourself (office, home), not only to storage or servers that are connected to the network, but also to external storage that you can easily disconnect from the network after the backup.

Automatic backups are the best

There are a number of automated tools that take care of backups. They can be installed on your computer or as an add-on to your e-shop/editing system.

Automatic backup is better than manual backup.

• WEDOS Disk – backup with Cobian Backup
• WordPress | 5. Backup

Check your backups

Automatic backups are great and can go for years without you having to touch them, but are you sure they really work? Regularly check your backup files to make sure they are functional. Especially compressed files may look fine at first glance (size, date), but the file may be corrupted.

It doesn’t hurt to download them periodically and try them out to see if they work.

Did you really back up everything?

It is necessary to take into account where and what data is stored. For example, most sites have files on storage and data in a database. If you back up only the files on the repository, you have all the images, scripts, fonts, etc., but you don’t have the content. That’s in the database.

Don’t forget to back up your emails – the contents of your inbox. Back everything up. For businesses, don’t forget to back up your accounting and anything else you have that is important to running your business (CRM and other similar systems).

It is similar on the computer. The program files are elsewhere than its data. An example of this is an email client. If you back it up, you don’t back up your emails and message content and attachments at the same time.

Choose the appropriate frequency of backups

As mentioned at the beginning. The moment a backup takes place, everything else until the next backup must be considered lost. If you back up once a day and receive 60 orders during the day, you will lose all of them in the evening if you lose data. Wouldn’t it be better to make backups once an hour?

You don’t have to back up everything. You can divide the deposits. For example, you can back up the entire system once per week, data once per day and orders once per hour.

There are also different methods of advances. You can back up everything or just differences (the new things that have been added or changed.) While backing up everything is bulky and time-consuming, backing up differences can be surprisingly fast.

Keep several backups

If you only keep 1 backup that you overwrite, you run the risk of it going bad and you losing everything. A faulty backup can occur surprisingly easily.

It’s also a good idea to keep a few older backups for a longer period of time (maybe a week) to avoid infecting the system. A security hole can allow malware to enter your system, and it can wait weeks or even months to be activated or discovered. So the last clean backup may hold the key to removing it.

Our backup guides:

• FTP web hosting backup using rsync
• Thunderbird – email backup
• Restoring a site from backup
• Backing up your site – general
• Import and export database in phpMyAdmin

Tutorials for WEDOS drive

• WEDOS Disk – FTP connection
• WEDOS Disk – connect via rsync
• WEDOS Disk – SMB connection in Mac OS
• WEDOS Disk – SMB/CIFS connection
• WEDOS Disk – Encrypted EncFS disk
• WEDOS Disk – VeraCrypt encrypted disk

Attacks

The internet is a pretty dangerous place at the moment. Robots are constantly attacking websites, looking for vulnerabilities and overloading them. WEDOS operates one of the largest blacklists in the world, which is compiled from both third party (paid) lists and data from our services. We have data from more than a hundred and fifty thousand active sites, so we can supplement our blacklist decently, but even that is sometimes not enough.

We have to keep some of the IP addresses on whitelists, even if they are under attack. This, of course, complicates our lives considerably. Therefore, use:

• Add-ons to content management systems to increase protection, such as WordFence for WordPress.
• Restrict access to administration via .htaccess to your IP address only.
• Disable access from the outside to all directories where the visitor doesn’t need to go (doesn’t need to download files from) via .htaccess.
• Do not delay security updates of all parts of the website, editorial system, plugins, virtual (or dedicated) server.

If you still have a problem with attacks, please contact us via the contact form. We put you behind our WEDOS Global Protection, which we are still developing but already protects dozens of our customers.

Beware of fraudulent emails

If you suddenly get an email you weren’t expecting, it’s most likely someone trying to get your login credentials or upload malware to your computer.

In this case, the recommendations apply:

• Don’t click on anything suspicious.
• If the email says there is a problem with your account with a service you use, don’t click on the link in the email. Instead, visit the service directly through your browser. If there’s a problem, you’ll find out there.
• Just because an email came from a particular email address does not mean that it actually did. The attacker can specify anyone as the sender. It’s just like a letter you drop in the mailbox. You can write whoever you want as the sender.
• There may be malicious code in the email itself. A good antivirus can handle it.

Conclusion

This article is not hyperbole. The situation is really getting worse. We will do our best to protect your data. We have always been honest with you, and so now we say: “Go out and buy an external drive to back up your data.” The situation is serious, so we recommend that the safest way to back up your data is offline.

“Let’s hope for the best, but prepare for the worst.”