Hosting provider CloudNordic fell victim to a highly successful ransomware attack that resulted in the loss of all customer data.
Hackers have managed to paralyze the entire infrastructure of hosting provider CloudNordic (and sister company AzeroCloud). Attackers were able to encrypt all hard drives on all servers, including backups. CloudNordic cannot and will not pay the ransom, so most of the customers have lost all their data. When it comes to data, think of mailboxes, company websites or even web shops. Hundreds of mainly Danish companies are victims. The attackers demand six bitcoins, which corresponds to around one million dollars, for the data to be released again.
Own backups as the only hope
Affected customers are relying on their own backups, which I hope they have. If they relied solely on CloudNordic, nothing would be left of their data. CloudNordic has now largely repaired the infrastructure and servers, but without the associated data. Anyone who has a backup of a website can thus move it back to the server and make it available to the public again without the need for a website migration.
In the meantime, the provider is giving customers tips on how to get their DNS up and running again as quickly as possible. CloudNordic and AzeroCloud recognize the severity of the attack and are providing immediate tips for users looking to migrate to a competitor.
Unique convergence
The devastating attack was able to happen thanks to a perfect coincidence of circumstances. Despite existing firewall and antivirus solutions, attackers had already gained access to some machines some time earlier. At the time, the hackers did not use this access to launch their attack. Instead, they waited patiently.
Their patience paid off, because CloudNordic had to relocate its data center. During the move, servers that were previously in a segmented network were connected to form a large internal network that is used to manage the entire infrastructure. At that moment, the hackers became active again and gained access to the central management and backup system. From there, all data, all backups and all secondary backups were encrypted.
Death sentence
CloudNordic has a band-aid for the gash: there is no evidence that the attackers ever gained access to the customer data itself. Access was at disk level, where encryption was possible, but according to the provider no data exfiltration took place.
The damage is immense. “Our customers can no longer find us, there is no longer a company,” a hosting customer tells a Danish news channel. CloudNordic and AzeroCloud are under no illusions. The attack is most likely the death knell for the companies. CEO Martin Haslund Johansson says it himself: “I don’t expect another customer to come back to us when this is all over.”
Backups
The successful attack doesn’t bring the hackers a penny, but it is devastating for the provider and its customers. The hack shows the importance of correct and redundant security systems. Firewalls are not enough: Critical networks must be constantly monitored for suspicious activity.
In addition, immutable backups are essential: they make it impossible to modify or delete backups within the protected environment. This requires new and complex infrastructure, a hurdle that leaves many companies vulnerable. The possible consequences of this sad attack are very clear.
Even as an end customer, there is an important lesson to be learned that applies to everything: Do not entrust really critical matters to one party. Secure what is really important for yourself so that you still have options even if you lose your partner.