Hosting provider CloudNordic loses customer data in ransomware attack
Danish cloud hosting provider CloudNordic ApS has been struck by a ransomware attack that resulted in most customer data being lost and its systems rendered unusable.
According to a statement on the company’s website, the ransomware attack took place on Aug. 18 local time, with those behind the attack shutting down all systems, including websites, email systems and customer support systems. In their words, the attack affected “everything” and “paralyzed CloudNordic completely.”
The attack occurred as the company moved servers from one data center to another. Despite the machines being moved being protected by security software, some of the machines were infected before the move, and when they were moved, they then infected the new data center. Unfortunately, the company had all of its internal systems in the new data center.
In this case, the ransomware spread via CloudNordic’s internal network, gaining access to central administration and backup systems. Via the backup system, the attackers then gained access to all storage, the replication backup system and the secondary backup system, encrypting data on every system it got to.
The form of ransomware was not disclosed, but regardless of its type, CloudNordic noted, it cannot and does not want to meet the ransom being demanded by the hackers. According to Danish media Wednesday, the attack has also affected hundreds of companies that used CloudNordic for their hosting.
“This is another example of cyber gangs strategically focusing on high-value targets like managed service providers where they can use data exfiltration to extort multiple organizations at once and increase the odds of ransom payment,” Darren Wiliams, founder and chief executive of ransomware protection company BlackFog Inc., told SiliconANGLE. “This means the aftermath of the attack will likely unfold over a prolonged period, similar to the MOVEit attacks.”
Kevin Kirkwood, deputy chief information systems officer at security intelligence firm LogRhythm Inc., noted that ransomware attacks continue to target businesses with substantial data.
“Effectively countering these cyberthreats demands thorough readiness and enterprises must adopt…
