Danish cloud hosting provider CloudNordic ApS has been struck by a ransomware attack that resulted in most customer data being lost and its systems rendered unusable.

According to a statement on the company’s website, the ransomware attack took place on Aug. 18 local time, with those behind the attack shutting down all systems, including websites, email systems and customer support systems. In their words, the attack affected “everything” and “paralyzed CloudNordic completely.”

The attack occurred as the company moved servers from one data center to another. Despite the machines being moved being protected by security software, some of the machines were infected before the move, and when they were moved, they then infected the new data center. Unfortunately, the company had all of its internal systems in the new data center.

In this case, the ransomware spread via CloudNordic’s internal network, gaining access to central administration and backup systems. Via the backup system, the attackers then gained access to all storage, the replication backup system and the secondary backup system, encrypting data on every system it got to.

The form of ransomware was not disclosed, but regardless of its type, CloudNordic noted, it cannot and does not want to meet the ransom being demanded by the hackers. According to Danish media Wednesday, the attack has also affected hundreds of companies that used CloudNordic for their hosting.

“This is another example of cyber gangs strategically focusing on high-value targets like managed service providers where they can use data exfiltration to extort multiple organizations at once and increase the odds of ransom payment,” Darren Wiliams, founder and chief executive of ransomware protection company BlackFog Inc., told SiliconANGLE. “This means the aftermath of the attack will likely unfold over a prolonged period, similar to the MOVEit attacks.”

Kevin Kirkwood, deputy chief information systems officer at security intelligence firm LogRhythm Inc., noted that ransomware attacks continue to target businesses with substantial data.

“Effectively countering these cyberthreats demands thorough readiness and enterprises must adopt a proactive stance, investing in cybersecurity solutions capable of preemptively identifying malicious cyber activities and empowering network systems to repel further breach attempts,” Kirkwood said. “Additionally, firms should establish data backups, formulate response protocols, and prioritize staff training to manage attacks and sustain operations.”

But he noted that although backups aid in recovery, they can’t prevent data leaks. “Businesses should consistently prioritize prevention and detection tools, ensuring proper protective measures and comprehensive visibility across their network landscape,” he said. “Additionally, zero trust should be applied across all internal IT landscapes. Without it, organizations are only protected to the outside edge of their systems, and once attackers get in, they have free access across internal systems.”

Image: Bing Image Creator