Cloud hosting service hit by ransomware reports losing 'almost all data'



In recent years, many companies have been using cloud hosting services to store data and provide services, and many administrators think that their data is safe because it is stored in the cloud. However, in August 2023, CloudNordic, a Danish cloud hosting company, reported that 'almost all of our customers' data was encrypted by ransomware and became inaccessible.'

CloudNordic Ransomware Angreb
https://www.cloudnordic.com/



Ransomware infection wipes all CloudNordic servers • The Register
https://www.theregister.com/2023/08/23/ransomware_wipes_cloudnordic/

Danish cloud host says customers 'lost all data' after ransomware attack | TechCrunch
https://techcrunch.com/2023/08/23/cloudnordic-azero-cloud-host-ransomware/

In a statement on its official website, CloudNordic reported, 'Unfortunately, at 4:00 a.m. on August 18, 2023, CloudNordic was subjected to a ransomware attack and all of our systems were shut down by the hackers, including our website, email systems, customer systems, and customer websites. This breach has completely paralyzed CloudNordic and has had a significant impact on our customers.'

Ransomware is malware that encrypts data on infected devices, making it inaccessible to the victim, and hackers threaten victims by demanding they pay a ransom if they want access to their data.

CloudNordic also received a threat from the hackers, but did not pay the ransom. CloudNordic said, 'Because we cannot meet the hackers' ransom demands, CloudNordic's IT team and external experts have been working intensively to assess the damage and determine what can be recovered,' but it was not possible to recover the data. As a result, most of its customers and CloudNordic itself lost all of their data. AzeroCloud, a hosting company that shares a parent company with CloudNordic, was also affected.



It is unclear how the ransomware entered the system, but some of the machines may already have been infected beforehand, and it is possible that the ransomware spread to all systems during the data center migration.

'The machines were not actively used in the previous data center and we therefore did not realize they were infected with ransomware,' CloudNordic said. 'During the process of moving servers from one data center to another, a server that was previously on a separate network was wired to access the internal network that manages all of the servers. The attackers gained access to the central management and backup systems via the internal network.'

The attackers gained access to all data storage, the duplicate backup system, and the secondary backup system, and successfully encrypted all servers and backups. As a result, all machines crashed and data became inaccessible. CloudNordic is offering customers the option to restore their homepages from local backups or the digital archive, the Wayback Machine, and is working to rebuild the email system, although no data is available.



CloudNordic said, 'The attack occurred by encrypting the disks of all virtual machines, but we have not found any evidence of a data breach.' It added, 'While a very large amount of data was encrypted, we have not seen any evidence that any large amounts of data were copied,' and claimed that no data was leaked.

Danish media reported that the attack caused hundreds of Danish businesses to lose their websites, email inboxes and cloud-stored data.

Some people may think that it would be better to pay the ransom than to lose their data, but a ransom paid by a company becomes funding for the hackers' activities and leads to new damage. In addition, even if the ransom is paid, there is no guarantee that the data will be fully restored, and it has been reported that '80% of organizations that have paid ransoms to ransomware have been attacked a second time.'

80% of organizations that paid ransoms after ransomware attacks are attacked a second time - GIGAZINE



in Software,   Hardware,   Security, Posted by log1h_ik