Danish Hosting Companies Lose Customer Data in Ransomware Attack
Danish hosting companies CloudNordic and AzeroCloud suffered ransomware attacks that resulted in the loss of most of their customer data. Both companies, which are part of the same parent company, have shut down all of their systems while recovering from the incident. The attack occurred late last week; as of Wednesday, August 23, IT teams have restored some servers, but no data.
Do you have a plan if your cloud storage disappears? With no control over how the storage is managed, companies put a lot of trust into cloud storage providers to keep their data safe not just from ransomware, but also from other disasters like fires or weather events.
Important lessons learned here. Note that as part of transitioning to a new data center, server (admin) interfaces were connected to an internal network, providing access previously denied, allowing the attack. The good news is it doesn't appear that data was exfiltrated, just encrypted. The bad news is they are going to need every trick in the book to recover. Have you considered what would happen if your providers were similarly compromised? Are you solely reliant on their backup procedures or do you have another copy just in case?
This ransomware attack will have a dramatic effect on company future earnings. Firewalls and anti-virus, in and of themselves, are not enough to protect an enterprise. One must have an established cybersecurity program aligning to a cybersecurity framework, with active monitoring and measuring against the framework. There are lots of lessons to be learned here that will be beneficial to cybersecurity professionals and company boards.