RuTube has been down for three days. The company continues to claim that everything is under control and needs more time to heal, while insiders claim irreparable damage. Channel 24 has gathered the latest information about a large-scale hacker attack on a service expected to replace YouTube’s invaders, but has tracked the Russian ship.

Who hacked RuTube?

On the evening of May 10, a message appeared on Twitter in which it became clear who killed the Russian video service. As we suggested in one of the previous materials, hackers association anonymousOn the same day, who hacked SmartTV systems and made anti-war appeals to the Russians.

“Anonymous hacked Russia’s RuTube video platform. Almost 75% of the major version’s databases and infrastructure and 90% of the backup and database recovery cluster were severely damaged, so it’s likely that RuTube will be gone forever.”

As you can see from the message, Anonymous believes the service cannot be recovered. The company itself states that it controls everything.

Indeed, we encountered the most powerful cyberattack in RuTube history. It’s important to understand that video hosting is one petabyte of archive data and hundreds of servers. Recovery takes longer than engineers initially thought. However, gloomy predictions have nothing to do with this situation: the source code is available, the library is intact. We are currently in the process of restoring file system segments of remote environments and databases on some servers,
– stated in the press center yesterday.

Several teams, including experts from Positive Technologies (PT Expert Security Center), joined the service to eliminate the consequences of the cyberattack. Denis Goidenko, head of the information security response division at the company’s specialist security center, said the Positive Technologies team understood the key tools hackers use after two days of work.

As the RuTube infrastructure is quite large and complex there is still a lot of work to be done and now we are trying to find all the means by the hackers to block the possible return paths of the hackers in all parts of the RuTube infrastructure,
– Says Goydenko.

RuTube management was aware of vulnerabilities in the service’s infrastructure

• According to the Russian version of iPhones.ru, the company management was warned in advance of vulnerabilities in the service infrastructure.
• As early as October 25, 2021, the security director of Ruform LLC (Rutube’s legal entity) sent a memo to former CEO Oleksiy Nazarov explaining the vulnerabilities.

The following tweet contains unconfirmed internal Rutube documentation:

• From the documents it is clear that the Group-IB subsidiary must supply RuTube server equipment and also test and ensure its security.
• However, as a result, RuTube made a decision to “not work”, and the damage amounted to more than 407 million rubles.
• After that, apparently, the company did not have time to change the contractor or make a new purchase, which paid off with a major break.

The following tweet confirms that the leak continues despite the company’s assurances that all data will be protected:

“Now you can see the result. Here’s a lot of combined data from RT. Enjoy. You’ll see more interesting things soon.”

In the screenshots you can see some data, especially from the account of the propagandist Vladimir Solovyov. The concession of “privileged accounts” confirmed the publication “Kommersant”.

What losses does RuTube predict?

Losses due to restoration costs and loss of advertising revenue It can vary from 500 million to 1 billion rubles. This assessment was given by the director of the Sales Department of the investment company “Vector X” Sergei Zvenigorodsky. That is, provided Anonymous makes a mistake and the service manages to come back to life.

If the problem is caused by the vulnerability of certain servers, it is unclear how the company will continue to work with them because it will be impossible to purchase new equipment due to the sanctions. And such attacks are likely to be repeated with the old ones. Today, even large companies such as VK and Yandex report huge problems with the equipment. And RuTube, which is owned by Gazprom Media, does not have such capabilities.

When they will continue to work

Experts from Positive Technologies are finding out if any service workers were involved in the hacking, and have also already stated that there is “complete restoration of the damaged part of the infrastructure.”

We managed to partially escape a serious attack. The damaged part of the infrastructure was completely restored. Now the RuTube service is constantly restoring,
– RuTube CEO Oleksandr Moiseyev told Vedomosti on the evening of May 10.

• He added that the video monitoring function will be restored first and that it will take place on the night of May 10-11.
• They also had to restore their streaming and streaming services.
• At the time of writing, at 3:18 p.m. on May 11 in Kiev, the site is still down.

Companies currently anticipate a recovery period of at least one week. We hope Anonymous will be right and RuTube will never appear online again.