Danish cloud hosting services provider CloudNordic has announced that all its systems were rendered unusable following a ransomware attack.
The attack, the company explains in an incident notice on its website, started on Friday, August 18, and resulted in all its systems and servers being shut down.
“Websites, e-mail systems, customer systems, our customers’ websites, etc. Everything. A break-in that has paralyzed CloudNordic completely, and which also hits our customers hard,” reads the English translation of the announcement.
According to CloudNordic, the attackers took advantage of an ongoing transition to a new data center and likely leveraged an existing, dormant infection to encrypt all systems.
During the transition, previously separated servers were connected to the company’s internal network, providing the attackers with access to the central administration systems and the backup systems, including secondary ones.
“The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data,” the cloud hosting firm explains.
CloudNordic says it has no plans to pay a ransom, although its investigation into the attack showed that it cannot recover the lost data.
“Unfortunately, it has proved impossible to recreate more data, and the majority of our customers have thus lost all data with us. This applies to everyone we have not contacted at this time,” the company announced.
According to the company, the encryption was performed via the administration systems, and there is no evidence that the attackers had access to or exfiltrated any data from the compromised servers.
“Very large amounts of data were encrypted, and we have seen no signs that large amounts of data have been attempted to be copied out,” the company notes.
CloudNordic says it has started restoring new systems, including name servers, web servers, and mail servers, to help customers restore their services without moving their domains.
The company encourages customers to contact it via email to restore their domains, and to recover their email messages from the mail clients on their computers, if possible. CloudNordic also warns that the recovery process might take a very long time.
Related: Cybersecurity Companies Report Surge in Ransomware Attacks
Related: 1.5 Million Impacted by Ransomware Attack at Canadian Dental Service
Related: Dozens of Organizations Targeted by Akira Ransomware