Dec 10, 2014
As most of you now know, Ktools.net and Ktools servers were the victim of a malicious attack. On November 17th, Ktools10 had a server failure. Chris (my server administrator) and I worked to quickly get the server back up and review the damage. About half the accounts on the server were lost and others were damaged. In addition, all backups were missing and/or damaged. We got the server back to a stable running condition and started notifying people of this failure. We then purchased a new server in order to move these clients off of Ktools10 to this new server. While we prepped the new server, we received an email from a hacker saying that he had access to the Ktools10 server and he wanted money in exchange for not doing any more damage. We then knew the damage to Ktools10 was not from a hardware failure in itself but from a group of hackers who had gained access to Ktools10 and implanted a rootkit.
The hacker continued to send numerous emails demanding money over the next couple of days. During this time, Chris and I had parted ways, mostly because of this breach of our servers. At that time, I had no reason to believe the hacker had access to any other systems in our network. I hired a company out of Chicago to help manage all of our servers. As they started their initial review and started to put a plan in place, the hacker struck, taking down Ktools.net, KtoolsHosting.net, KtoolsDemos.net and other Ktools sites. At this time, the hacker also struck Ktools7, rendering most accounts and backups useless on this server. I then posted a message in the Ktools.net member account of everyone affected by the hacker.