Two leading Danish hosting companies, CloudNordic and AzeroCloud, have faced a devastating ransomware attack. The event led to a catastrophic loss of most customer data and the necessity to shut down the entire range of systems. This includes websites, customer sites, and email services.
The attacked brands belong to one parent company and revealed the incident took place last Friday. The aftermath is ongoing, and restoring operations is proving to be a major challenge.
Firm’s Response to the Ransomware Attack
The company has firmly declared its intention not to succumb to the financial demands of the cybercriminals responsible for the ransomware attack. The IT teams, along with external security experts, have been working relentlessly to assess the damage.
Unfortunately, the efforts have only led to the restoration of some servers, none containing data. The majority of the customer data seems irretrievable.
A translated statement from CloudNordic reads, “It has been impossible to recover more data, and most customers have lost all their data with us.” Police have been alerted, and public notices include advice on data recovery methods.
Moving to Alternative Providers
Considering the gravity of the situation, CloudNordic and AzeroCloud have advised severely affected customers to seek services from other providers like Powernet and Nordicway.
Timing and Execution of the Ransomware Attack
The ransomware managed to infiltrate some servers despite firewalls and antivirus protection. It was during a data center migration when the servers connect to the broader network.
This unfortunate lapse allowed the attackers to access critical administrative systems, all data storage, and backup systems. They proceeded to encrypt all server disks, including primary and secondary backups, leading to complete corruption without a chance for recovery.
CloudNordic stated that the attack was restricted to encrypting data. There’s no indication that the data was accessed or stolen.
Impact of Ransomware on Danish Companies
Several hundred Danish companies have felt the impact, losing vital assets stored in the cloud. These include documents, websites, and email inboxes.
Martin Haslund Johansson, the director of both hosting firms, expressed doubt that customers would remain loyal after the recovery process.
A Trend in Ransomware Attacks
Targeting hosting providers is a known tactic of ransomware gangs. It leads to widespread damage, creating numerous victims in one go.
Such attacks put immense pressure on providers to pay ransoms to restore operations and possibly avert legal action from clients.
This isn’t an isolated incident in the hosting world. In 2017, a South Korean provider paid a $1 million ransom to recover customer data. More recently, Rackspace faced a Play ransomware attack affecting its hosted Microsoft Exchange services.
The ransomware attack on CloudNordic and AzeroCloud serves as a stark reminder of the ever-present threat in today’s digital landscape. It underscores the importance of robust security measures and the need for constant vigilance.