Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
CloudNordic and AzeroCloud, Danish hosting firms specializing in cloud services, have been hit hard by ransomware attacks, causing widespread data loss and operational disruptions. The companies are steadfast in their decision not to pay the ransom demanded by the hackers.
Further Context
The attack seems to have targeted servers during a data center migration. During the server relocation, these systems were housed in a common network, so that the attackers were finally able to penetrate the management systems and compromise critical administrative systems, data storage, as well as backup systems.
The threat actors encrypted server disks, rendering primary and secondary backups useless. However, there’s no indication that the attackers accessed or exfiltrated data from the compromised machines.
CloudNordic and AzeroCloud have advised severely affected customers to consider migrating to alternative service providers to minimize downtime. While the restoration process is ongoing, it’s expected to be time-consuming, and many services have been brought back online without data.
Ominous Reminder
The incident highlights the persistent threat of ransomware attacks on hosting providers, which can have far-reaching consequences for numerous businesses relying on cloud services. Such attacks have the potential to lead providers to pay ransoms to restore operations and avoid legal repercussions.
It’s worth noting that both companies have engaged security experts and reported the attacks to the authorities. However, the challenge of data recovery remains a significant hurdle, leaving many customers grappling with the aftermath of the breach.
A Word from Heimdal®
Implementing these next crucial strategies can bolster defenses against ransomware attacks, safeguarding hosting providers and businesses from devastating consequences.
- Incident Response Planning: Develop a well-defined incident response plan to reduce response time and ensure quick action in case of a ransomware attack.
- Avoid Ransom Payment: Refrain from paying ransoms as it encourages attackers. There’s no guarantee of receiving a decryption key, and data may remain damaged.
- Isolate Infected Endpoints: Disconnect infected endpoints from the network to halt the ransomware’s spread.
- Trace the Attack: Identify the initial infection point and track the attack’s progression.
- Identify Ransomware Strain: Recognize the specific ransomware strain to use appropriate decryption tools.
- Implement Zero-Trust: Apply a zero-trust approach to enforce the principle of least privilege across systems, databases, cloud platforms, and applications.
- Report to Authorities: Report the attack to authorities for statistics and compliance purposes.
- Remove Malware: Use Safe Mode to remove ransomware using anti-malware software. Employ ransomware decryption tools to decrypt files; removal doesn’t automatically decrypt them.
- Patch and Update: Conduct a security audit and update systems post-attack. Invest time and resources to ensure comprehensive security and safeguard data.
- Data Recovery: Restore data from backups using the 3-2-1 approach: maintain three copies on two storage types, with one copy stored off-site. Prioritize data preservation and recovery over ransom payment.
For a complete deep dive, check out our article on How to Mitigate Ransomware.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
