Ransomware encryption devastates CloudNordic, customer data lost


Danish cloud provider CloudNordic has suffered a devastating ransomware attack that left most customer data irretrievable. Its systems have been shut down and the company is facing bankruptcy.

The attack happened during the night of Friday, 18th of August, the company told its customers in a letter.

The attackers managed to install ransomware and shut down all systems, including websites, email servers, customer systems, etc.

“Everything. A break-in has paralyzed CloudNordic completely and also hits our customers hard,” wrote the company, which recently advertised itself as the “Nordic Cloud Experts.”

The company announced that it “cannot and does not want to meet the financial demands of the criminal hackers for ransom.”

CloudNordic’s team and external experts “have been working hard to get an overview of the damage and what was possible to recreate.”

“Unfortunately, it has proved impossible to recreate more data, and the majority of our customers have thus lost all data with us. This applies to everyone we have not contacted at this time.”

The incident has already been reported to the police.

CloudNordic website before the attack. Image by web.archive.org

The company re-established blank systems – such as name servers, web servers, and mail servers – without data, but acknowledges that there’s not much that can be done for the lost emails.

No compensation is offered to customers in this “unforeseen situation”.

“We fully understand that many of our customers have suffered significant losses, and we are of course deeply sorry for this,” the company writes. “Unfortunately, we can't offer any compensation for the losses. According to our terms of trade, we are not responsible for any data loss. We recommend that you contact your own insurance company to hear about the opportunities for compensation.”

While the company is promising to work hard to resolve the situation and support its customers, it is also evaluating, together with advisors, the possibility of declaring bankruptcy.

“At the moment, we are not bankrupt, but it may become a reality in the future.”

How did the attack happen?

CloudNordic says that the hackers gained full access because of a server relocation to another data center. Some previously infiltrated servers were then housed in the same network, and the attackers were able to penetrate the management systems, backup systems, and secondary backup systems and encrypt the data.

“Despite the fact that the machines that were moved were protected by both firewall and antivirus, some of the machines were infected before the move, with an infection that had not been actively used in the previous data center, and we had no knowledge that there was an infection,” the company writes.

The attackers succeeded in encrypting all disks in the server, as well as the primary and secondary backup systems. Then all machines crashed and the company lost access to all data.

According to the defunct cloud provider, the evidence suggests that no data breach happened and only encryption occurred. The company did not notice any attackers accessing any data content, only the administration systems from which the ransomware attack was carried out.

“Very large amounts of data were encrypted, and we have seen no signs that large amounts of data have been attempted to be copied out.”
