UPDATED 21:28 EDT / NOVEMBER 11 2019

SECURITY

Large ASP.NET hosting provider crippled in ransomware attack

ASP.NET hosting provider SmarterASP.NET was struck with ransomware on Saturday, continuing to affect customer sites into today.

The company, with more than 440,000 customers, didn’t provide many details as to the form of the attack. But it said in an announcement to customers that “your hosting account was under attack and hackers have encrypted all your data,” suggesting that many, if not all customers may have been affected.

“We are now working with security experts to try to decrypt your data and also to make sure this would never happen again,” SmarterASP.NET added. In a series of updates on its Facebook page, the company said it was restoring most accounts with 95% of accounts restored by around noon EST today. The attack also affected SmarterASP.NET’s website as well.

ASP.NET is an open-source web application framework created by Microsoft Corp., running on Windows, that enables developers to create web applications and services.

As ZDNet noted, although most users use the company to host ASP.NET sites, some also use the company’s servers as app backends where they synchronize or back up important data. There’s also some suggestion on social media that the Snatch ransomware may have been used in the attack.

Snatch ransomware is usually distributed via spam emails that contain infected attachments but has also been known to hack victims’ RDP ports and attempt to brute-force the password. After encrypting user data, Snatch typically asks for a ransom of $500 to $1,500 in bitcoin.

“Its threat actors are divided into different and disciplined groups, each with a particular area of technical expertise,” Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE. “Some are searching for susceptible victims with vulnerable infrastructure, others are launching the attack, while programming teams are continuously perfecting the malware.”

Kolochenko noted that payments in bitcoin and other cryptocurrencies make these gangs virtually immune from prosecution by law enforcement agencies.

“The growing complexity of IT infrastructure and clouded visibility of digital assets make effective cyberdefense virtually impossible today, providing attackers with a multitude of entry points from the Internet via abandoned web applications, forgotten test systems, unprotected cloud storage or just business-critical systems with weak passwords,” Kolochenko added. “These are perfect starting points to launch ransomware attacks.”

Image: SmarterASP.NET

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU