Danish hosting firms CloudNordic and AzeroCloud have fallen victim to ransomware attacks, resulting in the loss of a significant portion of customer data and necessitating the shutdown of their entire systems, including websites, email services, and client platforms.
Both brands, owned by the same parent company, disclosed that the attack occurred on a Friday night. Operations remain severely disrupted, with only partial server restoration and no data recovery achieved. Despite the loss, the hosting providers have declared their refusal to pay the ransom demanded by the threat actors, opting instead to collaborate with security experts and report the incident to law enforcement agencies. CloudNordic’s restoration efforts have encountered challenges, with numerous customers facing unrecoverable data loss.
While CloudNordic’s statement highlighted their inability to meet the ransom demands, the firm’s IT team and external experts have been tirelessly working to evaluate the extent of the damage and salvage any recoverable data.
Unfortunately, many clients have already suffered irreversible data loss, and the majority have lost their information. The hosting companies advised heavily affected customers to consider alternative providers like Powernet and Nordicway.
The attacks on CloudNordic and AzeroCloud have disrupted a wide range of services, including websites and email inboxes, affecting hundreds of Danish companies. Martin Haslund Johansson, director of AzeroCloud and CloudNordic, anticipates customer attrition once recovery efforts are finalized.
This incident illustrates the challenges posed by ransomware attacks, even on servers protected by firewalls and antivirus solutions. The attackers exploited a data center migration to infiltrate the network, compromising critical administrative systems, data storage, and backup systems. The attackers then encrypted all server disks, rendering data recovery impossible.
CloudNordic emphasized that the attack was limited to data encryption, with no evidence of unauthorized access or exfiltration. Attacks of this kind, often aimed at hosting providers, cause widespread damage and produce numerous victims in a single attack.
Such incidents can place providers under immense pressure to pay ransoms to restore operations and mitigate potential legal action from affected customers, as demonstrated by a similar attack on a South Korean hosting provider in 2017. Recent cases, including the Play ransomware attack on Rackspace, which led to email outages, underscore the far-reaching consequences of such attacks.