While I was away at Southwest Fox, my web server got hit by ransomware. I’d like to say it was a sophisticated attack that got past my due diligence protections, but it wasn’t. It was a simple brute force password guesser and I was using a password on the server I knew was compromised.
Now, I can be dumb, but I’m not so dumb as to knowingly use a bad password on a production server. The problem was that I use Remote Desktop Manager to easily and automatically log me in to my various servers. Since I never typed in the password myself, I wasn’t aware that it was using an old, compromised password. Duh. (So, in a way, this is all Rick Borup’s fault for introducing me to that software. And Rick wasn’t at Southwest Fox this year. Seems suspicious.)
So, don’t do what I did. Go check all the various ways you automatically log in to stuff and make sure you’re not using some old, bad password.
Luckily this server didn’t have any mission-critical apps, my documentation was good, and my backup plan was solid. It was 12 painful, tedious hours, but I managed to get everything back and running on a shiny new AWS server.
With a good, secure password on it.