A cloud hosting firm lost a “majority” of its customer data after a ransomware attack infected the company’s systems.
“Unfortunately, it has proved impossible to recreate more data, and the majority of our customers have thus lost all data with us,” CloudNordic wrote in a translated post.
CloudNordic supplies servers to host email, websites, and other IT services for its customers. But the attack is so devastating CloudNordic must start from scratch in rebuilding the company’s IT systems.
“In addition to data, we also lost all our systems and servers and have had difficulty communicating,” the company says.
“We have now re-established blank systems, e.g. name servers (without data), web servers (without data) and mail servers (without data),” CloudNordic adds.
A sister company called Azero Cloud suffered the same attack, and has posted an identical notice to the public.
On 18 August the company was physically moving some servers from one data centre to another and some of the servers contained a dormant malware infection. The infected servers were then hooked up to company networks that had access to all of CloudNordic’s server infrastructure, giving the hackers access to a central admin system and backup systems.
“The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data,” the company adds.
But while the hackers have locked down access to that data, they do not appear to have removed it from the company’s servers, CloudNordic says. The unidentified ransomware group behind the attack reportedly wants 6 bitcoins ($157,914), but CloudNordic has refused to pay.
Although CloudNordic is hoping customers will stick around as it attempts to recover, the director for the company told Danish media: “I don’t expect that there will be any customers left with us when this is over.”