Danish cloud hosting companies CloudNordic and AzeroCloud are suffering an ongoing combined ransomware attack that has led to a catastrophic loss of customer data, according to announcements from both companies. Both cloud providers have been forced to shut down all email and customer sites. The hackers have set a ransom of six Bitcoins, or $157,000, for the data to be restored.
The attack took place on Friday 18 August. The attackers, who remain unidentified, were able to hack into network-linked cloud servers used by both companies during a migration to another data centre. This enabled the hackers to access backup systems and entire data storage silos, leading to total server disk encryption.
While IT teams have managed to get some servers back online, no data has yet been restored. In the place of its homepage, a notice from CloudNordic written in Danish explains that the attack had “paralysed” the company. The message continues that, while the effects of the attack are devastating, the companies are unable and unwilling to pay the ransom demanded by the hackers. They added that it has proved impossible to restore data lost in the breach and, consequently, it appears the erasure may be permanent.
CloudNordic stated that it remains in contact with local law enforcement, who advised the companies not to pay the ransom.
How did the attack take place?
The companies have explained through their joint messaging that despite all their machines having been protected by firewalls and antivirus software, some of their servers had been infected by malware before they were moved from one data centre to another. As such, those that were previously on separate networks were wired to access the companies’ internal network. That system, wrote the company, “is used to manage all of our servers”, with the hackers using it to eventually gain access to and encrypt CloudNordic and AzeroCloud’s central administration and backups.
Martin Haslund Johansson, director of both hosting companies, explained in an interview to the Danish Radio4 he was “furiously sad” at the news of the attack, and that he does not expect there to be “any customers left when this is over”. Johansson explained that the company is doing everything it can to help its customers get back on the right track.
The director of a company impacted by the breach, 5610eu, told the Danish radio station that the consequences were “unmanageable” so far. “Our customers can no longer find us,” Per Jakobsen” told Radio4. “There is no company left.”