
Chris Swagler | September 28th, 2023

 

Two Danish cloud hosting providers, CloudNordic and AzeroCloud, have fallen victim to a devastating ransomware attack, leading to the irreversible loss of most of their customers’ critical data. The attack, which began on a fateful Friday night, has left these cloud hosting firms with no choice but to shut down all operations, leaving websites, email systems, and customer data inaccessible.

These twin brands, under the umbrella of Certiqa Holding, revealed that the ransomware onslaught had plunged them into disarray, with recovery efforts proving difficult. As of the latest update, their IT teams have only partially restored specific servers, a grim reminder of the uphill battle against the relentless threat operators. A resounding note of determination echoed from the firms’ statements as they unequivocally declared that they would not bow to the cybercriminals’ demands, refusing to pay the ransom. Instead, they sought assistance from cybersecurity professionals and promptly reported the breach to the authorities.

Ransomware Tactic on the Cloud Hosting Company

However, the fight to restore normalcy has been fraught with challenges for the cloud hosting company. CloudNordic lamented that despite the tireless efforts of their IT team and external professionals, data recovery has been far from successful. This catastrophic outcome has resulted in a heart-wrenching realization: most customers have lost their precious data. In the aftermath, CloudNordic and AzeroCloud have offered guidance on potential recovery strategies, including resorting to local backups and utilizing the Wayback Machine archives. However, the true gravity of the situation became apparent when heavily impacted customers were advised to seek alternative providers, like Powernet and Nordicway, underlining the severity of the data loss crisis.

The threat operators’ strategy of infiltrating cloud hosting providers has previously demonstrated its efficacy, causing widespread disruption and ensnaring numerous victims in a single blow. This can potentially force providers into a corner where they feel compelled to meet the threat operators’ demands to avoid potential legal actions from disgruntled customers. The attack’s method revealed a chilling sophistication, as the threat operators managed to breach the systems despite robust protective measures like firewalls and antivirus software. Exploiting a data center migration, the threat operators gained access to the heart of the administrative infrastructure, eventually infiltrating data storage silos and backup systems.

Ransomware Impact on the Cloud Hosting Company

The scale of the encryption was breathtaking, as the criminals systematically encrypted primary data and secondary backups, eliminating any hopes of recovery. However, a glimmer of hope emerged as CloudNordic’s statement indicated that, at least as per the evidence collected, the threat operators didn’t appear to have exfiltrated or accessed the data itself. Nonetheless, this ordeal has wreaked havoc on numerous Danish businesses, with reports indicating that “several hundred Danish companies” have fallen victim to this relentless attack. The impact has been vast, leaving companies bereft of websites, emails, and essential documents stored in the cloud. As the recovery efforts continue, CloudNordic’s director expressed grim expectations. The director does not foresee customers remaining with the cloud hosting providers as recovery concludes, a testament to the daunting uphill battle these firms face in restoring trust and services.

This incident is a stark reminder of the relentless nature of cyber threats and the critical importance of robust cybersecurity practices. It underscores the urgent need for organizations to bolster their defenses against ransomware attacks and fortify their disaster recovery strategies to mitigate the potentially devastating consequences of such breaches. As the digital landscape continues to evolve, the resilience of businesses in the face of such attacks becomes an imperative for survival.

The SpearTip team recognizes that security challenges in the cloud are different from challenges with on-premises solutions. Our vast experience and proven methodology provide our partners with a comprehensive picture of the risks in companies’ cloud infrastructure and the remediation steps for each. We focus on security misconfigurations and deviations, including reviewing account privileges and analyzing current logging details from recommended cloud security architecture. As an approved Microsoft Azure and Preferred AWS partner, SpearTip’s experience extends deep into the cloud to prepare companies against a security incident.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
