View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 25, 2023

Devastating ransomware attack hits Danish cloud hosting companies CloudNordic and AzeroCloud

A ransomware attack on the Danish hosting sites saw its back-ups encrypted and both firms lose access to all of their customers' data.

By Claudia Glover

Danish cloud hosting companies CloudNordic and AzeroCloud are suffering an ongoing combined ransomware attack that has led to a catastrophic loss of customer data, according to announcements from both companies. Both cloud providers have been forced to shut down all email and customer sites. The hackers have set a ransom of six Bitcoins, or $157,000, for the data to be restored.

The attack took place on Friday 18 August. The attackers, who remain unidentified, were able to hack into network-linked cloud servers used by both companies during a migration to another data centre. This enabled the hackers to access backup systems and entire data storage silos, leading to total server disk encryption.

Danish cloud hosting companies CloudNordic and AzeroCloud have been hit by a devastating ransomware attack. (Photo by Dario Lo Presti/Shutterstock)

While IT teams have managed to get some servers back online, no data has yet been restored. In the place of its homepage, a notice from CloudNordic written in Danish explains that the attack had “paralysed” the company. The message continues that, while the effects of the attack are devastating, the companies are unable and unwilling to pay the ransom demanded by the hackers. They added that it has proved impossible to restore data lost in the breach and, consequently, it appears the erasure may be permanent.

CloudNordic stated that it remains in contact with local law enforcement, who advised the companies not to pay the ransom.

How did the attack take place?

The companies have explained through their joint messaging that despite all their machines having been protected by firewalls and antivirus software, some of their servers had been infected by malware before they were moved from one data centre to another. As such, those that were previously on separate networks were wired to access the companies’ internal network. That system, wrote the company, “is used to manage all of our servers”, with the hackers using it to eventually gain access to and encrypt CloudNordic and AzeroCloud’s central administration and backups. 

Martin Haslund Johansson, director of both hosting companies, explained in an interview to the Danish Radio4 he was “furiously sad” at the news of the attack, and that he does not expect there to be “any customers left when this is over”. Johansson explained that the company is doing everything it can to help its customers get back on the right track. 

The director of a company impacted by the breach, 5610eu, told the Danish radio station that the consequences were “unmanageable” so far. “Our customers can no longer find us,” Per Jakobsen” told Radio4. “There is no company left.”  

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Read More: Government’s ‘cloud first’ policy update urges more departments to use public cloud

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.