Cybercrime: Expert offers advice on prevention, recovery


by SAVIOUS KWINIKA
JOHANNESBURG, (CAJ News) – IS it possible to recover websites that have come under cyber attacks?

In the event of one’s website being hacked, what must the victim do?

These questions trouble businesses of all sizes, in both the public and private sectors.

Zinia Managing Director, Warren Bonheim, has answers to such questions.

“Yes, it is possible to recover a hacked website, but the recovery process depends on the severity of the attack and the measures in place beforehand. Typically, the company or IT team responsible for managing the website should have regular backups,” Bonheim said.

He added: “It’s crucial to ensure that these backups are not only done frequently but also tested to confirm they are complete, uncorrupted, and can be used to restore the website quickly.”

Bonheim urged businesses to immediately take the website offline to prevent further damage or data theft from the cyber attackers and restore the website from the latest clean backup file.

The veteran tech expert encouraged companies to also identify and patch the vulnerability that allowed the hack to occur, be it outdated software, weak passwords, or unsecured plugins.

“Conduct a thorough security audit to ensure no other areas have been compromised. Communicate transparently with stakeholders about the issue, including steps taken to resolve it. Proactive planning, including backup management, security audits, and employee training, is key to minimising damage and ensuring a swift recovery,” Bonheim urged.

What if the website is being held for ransom: can it still be restored?

“If a website is being held for ransom and the attackers have compromised login credentials, taking the website offline can be challenging. However, there are still steps companies can take,” he suggested.

Bonheim said many hosting providers had tools and support to help regain control, pointing out that these tools made it possible to suspend the site, block access, or assist in removing the malicious content.

“If there is an emergency or backup admin account that hasn’t been compromised, they can use it to regain control. If they don’t have one, this is a good reminder to create one for future incidents,” Bonheim urged.

He said even if a company’s web admin credentials were compromised, the hosting company could still have access to the server through cPanel, SSH, or FTP.

Bonheim said that with such access, companies could manually disable the site or remove malicious files to recover it from the cyber attackers.

“If possible, disconnect the compromised server from the network to stop further damage or data leakage. In a ransomware situation, it’s best to involve experts who can help assess the situation, recover your site, and potentially negotiate with attackers if necessary,” Bonheim said.

Bonheim said the main motivation behind hackers’ attacks was pretty straightforward: money.

“That’s why they often use tactics like ransomware to blackmail their victims or phishing,” he said.

Other key reasons for cyber attacks include money and information, corporate espionage, weak security, causing chaos, website attacks, blackmailing executives, personal vendettas and opportunistic attacks.

A cybercrime report by Interpol found that there were more than 230 million cyber threats detected in South Africa in 2021, the highest number on the continent. The most recent statistics were not readily available.

– CAJ News
