All data lost! Cloud hosting company customers lose all their data following ransomware attack

A ransomware attack against two sister cloud hosting companies resulted in a total loss of all the data they were holding for their customers. 

CloudNordic, and Azero, both owned by the Danish firm Certiqa Holding, posted an announcement on their websites stating that they had fallen victim to a ransomware attack in the early morning of Friday 18, 2023.

The attack resulted in the shutdown of all of their systems, including the websites, email servers, as well as encrypted customer data.

No data exfil, too

“The attackers managed to encrypt all servers' disks, as well as on primary and secondary backup systems, whereby all machines crashed and we lost access to all data,” CloudNordic said on its website (machine translated).

To add insult to injury, the attackers didn’t even do what they usually do - steal the data before encrypting it. CloudNordic says there’s no evidence of the data being exfiltrated beforehand, meaning that it’s very much lost for good. The identity of the threat actor is unknown, and so is the demanded sum. Whatever the sum is, the victim decided not to pay, partly because they apparently didn’t have the money. 

So far, no ransomware operators assumed responsibility for the attack.

CloudNordic is not yet entirely certain how the attackers compromised its systems, but speculates that it has to do with the migration of its servers from one data center to another. During that migration, a previously compromised endpoint was connected to a separate network that had access to its internal endpoints, ending in disaster. 

“Through the internal network, attackers gained access to central administration systems and backup systems,” the company concluded. 

At press time, both companies were unresponsive to media inquiries. On its website, CloudNordic said that communication has been made difficult.