Cloud hosting firms hit by devastating ransomware attack

Danish cloud hosting firms CloudNordic and Azero – both owned by Certiqa Holding – have suffered a ransomware attack that resulted in most customer data being stolen and systems and servers rendered inaccessible.

The CloudNordic and Azero ransomware attack

In the early morning hours of Friday, August 18, the attackers shut down all systems.

The companies believe the attack happened while they were transfering servers from one data center to another. “Despite the fact that the machines being moved were protected by both firewall and antivirus, some of the machines were infected before the move,” CloudNordic stated.

“During the work of moving servers from one data center to the other, servers that were previously on separate networks were unfortunately wired to access our internal network that is used to manage all of our servers.”

Consequently, the attackers gained access to the company’s central administration and backup systems and managed to encrypt all stored data, as well as primary and secondary backups.

The only reassurance the companies were able to currently provide is that they lack evidence of the attackers accessing sensitive information before encrypting it. But the investigation is ongoing and evidence of data exfiltraiton may yet be found.

CloudNordic and Azero’s IT teams and external experts have managed to restore some systems – namely: name, web and email servers – but the attackers have wiped all data on them.

The companies have stated that they do not intend to pay the ransom and have reported the attack to the Danish police and relevant authorities.

Radio4, a Danish news outlet, has reported that several hundred Danish companies have been affected and could not longer access their data.

The public notices released by the companies provide customers with information on how to get mail and websites working again, but this attack may well spell out the end of both companies.

Hosting services under attack

Internet service, email, web hosting and data center providers are often hit by ransomware attackers.

Previous victims include web hosting provider Nayana, managed hosting provider Rackspace, web hosting company Opus Interactive, web hosting company Managed.com, information technology services and consulting company Cognizant, and others.

Don't miss