Criminals wipe all CloudNordic servers and customer data

According to a CloudNordic notice to customers, criminals have encrypted all servers and customer data and the company says it can’t and will not pay the ransom demand. 

CloudNordic has advised its customers to prepare for the possibility of complete data loss due to a recent ransomware attack. The attack, which occurred on Friday, August 18, severely impacted CloudNordic’s operations, leading to a shutdown of their servers and data loss for both the company and its clients.

During the attack, malicious actors targeted CloudNordic’s systems, resulting in the deletion of company data and customer websites and email systems. Since then, CloudNordic’s IT team, along with third-party responders, has been working to recover customer data, but the chances of success are diminishing. 

In a statement, CloudNordic explained, “Unfortunately, it has proven difficult to recover most of the data, and many of our customers have likely lost their data with us unless they have been contacted individually.” 

CloudNordic suspects that the attack occurred during a server migration from one data center to another. Some servers were infected before the move, and during the transfer, servers from different networks were connected to CloudNordic’s internal network. This allowed the attackers to access administrative systems, storage, replication backup systems, and secondary backups, which were then encrypted for ransom. 

As of now, CloudNordic is working on restoring customer web and email servers, but data recovery remains a challenge, and DNS services are still unavailable.

Steve Hahn, Executive VP, BullWall, had this comment:

“Migrations are when companies are at their most vulnerable. Whether it’s the Dallas Police a few years back, who lost terabytes of data during a migration, throwing cases and convictions into chaos, or latent cyber attacks that are triggered during the migration, companies need a containment, backup and security plan in place long before the migration occurs. During one of these large-scale migrations we often see ports opened, applications whitelisted, security services may be suspended and people are generally more at risk to social engineering strategies.

“The attack vectors multiply by the 100’s during these migrations and our data is at its most vulnerable state. Often companies put security projects on hold to “focus” on these migrations, when precisely the opposite should occur. The migration should be put on hold until the security controls are firmly in place and tested.”

Willy Leichter, VP of Marketing, Cyware, follows with this:

“While it is good to see Viking toughness in refusing to pay a ransom, it’s easier to take this stance when you have no other options. This is a tragic example of how vulnerable many smaller service providers can be, and customers need to always beware – don’t depend on one service provider with your valuable data – if they get wiped out, so does your data.”

Backup, Backup, Backup! It doesn’t matter if your data is local or in the cloud. You need a backup because if you get pwned locally or in the cloud, you will need that backup.
