Getty Images/iStockphoto
CloudNordic loses most customer data after ransomware attack
The Danish cloud host said the ransomware attack it suffered last week 'has paralyzed CloudNordic completely' and that 'it has proved impossible' to recover more customer data.
Danish cloud host CloudNordic said it suffered a ransomware attack Aug. 18 that has resulted in the majority of its customers losing all data hosted with the company.
CloudNordic announced the update via the homepage of its website. The cloud host said the attack "has paralyzed CloudNordic completely" and that unnamed threat actors shut down all systems, including the host's websites, email systems, servers, customer systems, customer websites and more.
"As we cannot and do not want to meet the financial demands of the criminal hackers for ransom, CloudNordic's IT team and external experts have been working hard to get an overview of the damage and what was possible to re-create," the homepage read, as translated from Danish to English via Google. "Unfortunately, it has proved impossible to re-create more data, and the majority of our customers have thus lost all data with us. This applies to everyone we have not contacted at this time."
According to CloudNordic, the ransomware incident has been reported to law enforcement, and there is currently no evidence of a data breach -- only encryption. "Very large amounts of data were encrypted, and we have seen no signs that large amounts of data have been attempted to be copied out," the host reported.
The company suffered an attack alongside its sister cloud host, AzeroCloud -- both are owned by the same parent company -- and the notification on the latter's website is identical.
The host said it has established new name, web and mail servers, all without preexisting data, and that it is ready to restore customers on "the same name servers" as well as the new blank ones. The notification also included instructions for customers that want to restore their websites and those that want to move their domains to new hosts.
The attack occurred, CloudNordic estimated, when servers were being moved between data centers and already-infected systems were wired to access the company's internal network during that time. This, the company inferred, granted attackers access to central administration systems and backups.
"The attackers succeeded in encrypting all servers' disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data," the company said.
TechTarget Editorial has contacted CloudNordic for additional comment.
Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.