Danish cloud host CloudNordic experienced a devastating ransomware attack on August 18, which resulted in the loss of data for the majority of its customers. The company made a public announcement regarding the incident on its website, acknowledging that the attack had completely paralyzed its operations. The unidentified threat actors behind the attack successfully shut down all of CloudNordic’s systems, including its websites, email systems, servers, customer systems, and customer websites.
CloudNordic refused to meet the hackers’ financial demands, and its IT team and external experts worked diligently to assess the extent of the damage and determine what data could be recovered. Unfortunately, they discovered that it was impossible to restore much of the lost data. The company admitted that most of its customers had lost all of their data, and that at that time this had been communicated only to those affected.
Having reported the ransomware incident to law enforcement, CloudNordic assured its customers that there was no evidence of a data breach. The attackers had only encrypted the data, without attempting to copy it out. The cloud host emphasized that no substantial amounts of data had been leaked or stolen.
Interestingly, CloudNordic was not the only victim of this attack. Its sister cloud host, AzeroCloud, which is owned by the same parent company, also suffered the same fate. AzeroCloud’s website displayed an identical notification to CloudNordic’s, underscoring the coordinated nature of the attack.
In response to the attack, CloudNordic has made efforts to establish new name, web, and mail servers. These new servers were set up without any preexisting data. Consequently, the company is now ready to restore customers on both the original name servers and the newly created ones. The notification on their website also provided instructions for customers who wished to recover their websites and for those who preferred to move their domains to new hosting providers.
CloudNordic traced the attack back to a time when servers were being relocated between data centers. It appeared that systems already infected with the ransomware had been connected to the company’s internal network during the move. This inadvertent action gave the attackers access to central administration systems and backups, leading to the encryption of all server disks, including primary and secondary backup systems. As a result, all machines crashed, and CloudNordic lost access to all of its data.
TechTarget Editorial reached out to CloudNordic for additional comments but has yet to receive a response.
The incident highlights the increasing prevalence and severity of ransomware attacks, where cybercriminals employ encryption techniques to hold data hostage in exchange for a ransom payment. The impact of such attacks on businesses can be devastating, as they can result in significant data loss, operational disruptions, and financial losses.
As CloudNordic works to recover from this attack, it serves as a stark reminder for businesses to prioritize robust cybersecurity measures and employ proactive strategies to prevent ransomware attacks from occurring. Regular system backups, network segmentation, employee cybersecurity training, and strong access controls are crucial steps that organizations can take to enhance their security posture and mitigate the risk of falling victim to ransomware attacks.
Alexander Culafi, an information security news writer, journalist, and podcaster based in Boston, has contributed to this article.
