Denmark-based hosting service provider CloudNordic has suffered a devastating ransomware attack, which paralyzed the company’s infrastructure, including websites and email systems, as well as its customers’ systems.
“We are deeply affected by the situation, and are aware that the attack is also very critical for many of our customers. In addition to data, we also lost all our systems and servers and have had difficulty communicating. We have now re-established blank systems, e.g. name servers (without data), web servers (without data) and mail servers (without data),” the company said in a statement.
The intrusion took place on August 18, 2023, and since then the IT team and third-party experts have been trying to assess the damage and recover the data. However, the company warned that “the majority of customers have lost all data with us.”
The CloudNordic team explained that the attackers managed to gain access to the company’s internal systems via a compromised machine previously infected with malware. From there, the intruders accessed central administration systems and backup systems. Through the backup system, they got access to all data stored by the company, the replication backup system, and the secondary backup system.
“The attackers succeeded in encrypting all servers' disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data,” the company said, noting that it has no financial means nor intention to pay a ransom demand.
CloudNordic also said it has no evidence that any data was stolen.