"Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack"

Danish cloud hosting services provider CloudNordic recently announced that all its systems were rendered unusable following a ransomware attack.  The company noted that the attack started on Friday, August 18, and resulted in all its systems and servers being shut down.  According to CloudNordic, the attackers took advantage of an ongoing transition to a new data center and likely leveraged an existing, dormant infection to encrypt all systems.  The company noted that during the transition, previously separated servers were connected to the company’s internal network, providing the attackers with access to the central administration systems and the backup systems, including secondary ones.  The firm explained that the attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup systems, causing all of their machines to crash and causing them to lose access to all data.  CloudNordic says it has no plans to pay a ransom, although its investigation into the attack showed that it cannot recover the lost data.  According to the company, the encryption was performed via the administration systems, and there is no evidence that the attackers had access to or exfiltrated any data from the compromised servers.  CloudNordic says it has started restoring new systems, including name servers, web servers, and mail servers, to help customers restore their services without moving their domains.  CloudNordic warns that the recovery process might take a very long time.
 

SecurityWeek reports: "Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack"