Danish hosting companies CloudNordic and AzeroCloud have lost access to all their customers’ data after a ransomware attack. The two have issued a joint statement in which they acknowledge that “During the night of August 18, 2023 at 4:00 AM, CloudNordic and AzeroCloud were exposed to a ransomware attack, in which criminal hackers shut down all systems. Web pages, email systems, client systems, our client’s websites, etc. All. An intrusion that has completely paralyzed CloudNordic and AzeroCloud, and that has also had a strong impact on our customers«.
According to Techcrunch, the Danish press has confirmed that hundreds of companies have been affected. The websites of hosting companies that offered various storage services have been replaced by a text that explains the current situation. In both cases, the ransoms requested from the companies have been six bitcoins, around $155,000.
In both cases, the companies have recognized that they cannot face this step, and what is more, they do not want to do it either. For now they are working with their advisers to assess the damage and see what they can recover, but they have recognized that the situation does not look very good.
According to representatives of the two companies, “Unfortunately, it has been impossible to recreate any more data, and most of our customers have therefore lost all the data they had with us. We are deeply affected by the situation, and we are aware that the attack is also very critical for many of our clients. In addition to data, we have lost all of our systems and servers and have had communication difficulties. We have now reset the systems, blank. For example server names, web servers and mail servers. No data.»
As the cause of the attack, the two companies suggest that some servers could have been compromised in a previous attack that went unnoticed. So, after a data center migration, servers on previously separate networks were wired to access the two companies’ internal networks, which are used to manage all of their servers.
Then, through the internal network, the attackers gained access to the central administration and backup systems. The attackers then gained access to all of the storage data, the replicated copy system, and the secondary backup system.
CloudNordic and AzeroCloud have confirmed that the attackers managed to encrypt the disks of all the servers, in addition to all of the primary and secondary backup systems, so all machines went down and access to all data was lost. Despite the attack, yes, neither of the two companies has found evidence that there has been data exfiltration.
Both companies regret what happened and have thanked the customers who have been loyal to them over time, and already indicate that they are ready to restore customers with the same server names, and their new websites and mail servers. so they can start working again without moving the domain. Of course, without any of the data they had. Companies have only suggested as a means for them to recover some of their information by checking their local backups, and copying pages from the Internet Archive’s Wayback Machine service.
