A ransomware attack has targeted two cloud hosting companies, resulting in a complete loss of all customer data they were entrusted with.
CloudNordic and Azero, both subsidiaries of Danish firm Certiqa Holding, released a statement on their websites revealing that they fell victim to a ransomware attack on the early morning of Friday, 18th, 2023.
The impact of the attack was severe, causing the shutdown of all systems, including websites, email servers, and the encryption of customer data. CloudNordic conveyed the grim outcome on its website, stating, “The attackers managed to encrypt all servers’ disks, as well as on primary and secondary backup systems, whereby all machines crashed, and we lost access to all data.”
What makes this incident even more distressing is that the attackers did not employ their typical tactic of exfiltrating data before encrypting it. There is no evidence to suggest that the data was stolen beforehand, meaning it is irretrievably lost. The identity of the threat actor behind this attack remains unknown, and the demanded ransom amount has not been disclosed. Notably, the victim opted not to pay the ransom, partly due to financial constraints.
As of now, no ransomware group has claimed responsibility for the attack.
CloudNordic is still in the process of determining how the attackers infiltrated its systems, but initial speculation points to a migration of servers from one data center to another. During this migration, a previously compromised endpoint was inadvertently connected to a separate network with access to internal endpoints, leading to disastrous consequences.
CloudNordic concluded, “Through the internal network, attackers gained access to central administration systems and backup systems.”
At the time of reporting, CloudNordic acknowledged on its website that communication has become challenging in the wake of this devastating cyberattack.