Criminals go full Viking on CloudNordic, wipe all servers and customer data

CloudNordic has told customers to consider all of their data lost following a ransomware infection that encrypted the large Danish cloud provider's servers and "paralyzed CloudNordic completely," according to the IT outfit's online confession.

The intrusion happened in the early-morning hours of August 18, during which miscreants shut down all of CloudNordic's systems, wiping both company and customers' websites and email systems. Since then, the IT team and third-party responders have been working to restore punters' data — but as of Tuesday, it's not looking great.

We're told that even the backups were trashed as well as production data. And CloudNordic isn't prepared to pay a ransom, presumably to restore the information and systems, to the extortionists responsible for the intrusion.

"We cannot and do not want to meet the financial demands of the criminal hackers for ransom," CloudNordic said in an online notice, translated from Danish.

"Unfortunately, it has proved impossible to recreate more data, and the majority of our customers have thus lost all data with us," the alert continued. "This applies to everyone we have not contacted at this time."

The self-proclaimed "Nordic cloud experts" said they reported the attack to the police.

And while none of this is good news to organizations that have now lost all of their website and email data, CloudNordic does offer a slight silver lining: the biz doesn't believe that the criminals exfiltrated any information before encrypting the systems.

"We have seen no evidence of a data breach," the cloud provider claimed, adding:

CloudNordic says its "best estimate" is that the infection happened as servers were being moved from one datacenter to another.

Some of the machines were apparently infected before the move, and during the transfer, servers that had been on separate networks were all connected to CloudNordic's internal network. This gave the intruders access to the central administrative systems, storage, the replication backup system and secondary backups, all of which they promptly encrypted for extortion.

As of today, CloudNordic said it's ready to get customers' web and email servers — without data — back online, albeit without DNS at present. To restore these services, the firm says to email: with the word RESTORE in the subject line.

In the body of the email, include your email address, phone number, and domain, and CloudNordic will send you login details for a new website and email service.

However, the provider notes that it will take a "massive amount of time" to restore all of these services, even without data, and as such it encourages "critically affected" customers to find new providers "to minimize your downtime."

Or, there's the DIY option, which is the "fastest method to get DNS working again for your domain," CloudNordic said. Customers can find detailed instructions for both options in the ransomware notification. ®