A ransomware attack against the Danish cloud provider CloudNordic has completely wiped out all its customer data.
The company announced the devastating news in emails to its customers and via its website
In the announcement, the company says that during the night of the 18th August the company was subject to a ransomware attack which managed to affect the entire network including Websites, email systems, and customer hosted sites.
The statement continues to say that the company believes that the attack happened whilst a series of server migrations were taking place.
It appears that prior to migrating data centres, some machines were infected and that during the work of moving servers, the infected machines were connected to the internal network used to manage all the company’s systems, and as such allowed the attackers to gain access to the central administrative systems and all backup systems.
Via the backup system, the attackers had full control of all storage systems and both primary and secondary replication systems – The attackers succeeded in encrypting all server disks causing all the systems to crash.
No customer data stolen
Initial forensic examinations suggest that whilst the entire infrastructure was compromised no evidence suggests any data was exfiltrated. The statement says that very large amounts of data were encrypted, but there were no signs of large amounts of data being copied out of the network prior to the encryption.
Recovery process will be slow
The severity of the attack has meant that CloudNordic was initially unable to communicate with customers, but also unable to bring new servers back online so that customers could begin the process of rebuilding infrastructure.
The company has now managed to rebuild some empty infrastructure and is inviting customers to get in contact so that they can share logon credentials to allow those customers access to start recreating their online presence.