0

I received an email indicating that my Google Cloud Project have been suspended because I was supposedly mining cryptocurrencies.

My project is a tool like a Calculator and that issue surely isn't possible.

What could be happen?

In order to create a function I hired a programmer on UpWork and give him access to the GCP.

Well, it seems this developer has abused our trust and did something wrong.

What can I do?

Now the project is suspended and any section I try to go in the form "Appeal" appears.

I appealed but I have to wait Google to reply.

How can I check if my project have been used for these bad usages?

I want to cut services the developer could be used or so.

Davis
  • 137
  • 1
  • 6
  • Giving access to a developer does not mean that he is the one doing the crypto mining. It could be that ports on your VM were open and bad actors installed software on it. The email you were sent did not have any next steps? – dany L Sep 13 '22 at 19:36
  • Mmm I see. About your question, unfortunately not. Only were sent links to Google Support / Help and so. It would be very useful if these kind of emails have instructions to resolve :/ . – Davis Sep 13 '22 at 19:39
  • Usually what is inside your VM is private to you. So Google have no access to it. It is a shared responsibility to protect your VM, like setting firewalls and making sure no unwanted users connects to your VM. – dany L Sep 13 '22 at 19:42
  • It's so weird. I don't remember touching such values, and I don't know if the dev touched that. I hope Google replies with instructions or something... – Davis Sep 13 '22 at 19:45
  • Start to read this : https://cloud.google.com/architecture/bps-for-protecting-against-crytocurrency-attacks – dany L Sep 13 '22 at 19:45

1 Answers1

0

Unfortunately, you must wait for Google’s reply.

AS a recommendation you could review this information to determine if it is intended, Cryptocurrency mining is often an indication of the use of fraudulent accounts and payment instruments, and requires verification in order to mine cryptocurrency in the Cloud Security Help Center.

If you believe your project has been compromised, I recommend that you secure all your instances, which may require uninstalling and then reinstalling your project, you could follow the steps.

To better protect your organization from misconfiguration and access the best of Google's threat detection, you may consider enabling Security Command Center (SCC) for your organization. To learn more about SCC visit.

Erick Melgoza
  • 11
  • 3