Danish cloud host says customers ‘lost all data’ after ransomware attack
Cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its data center systems, including its backups.
The Denmark-based cloud company said the ransomware attack began Friday, during which cybercriminals “shut down all systems,” including its website and email, and encrypted customer systems and websites.
In a notice on its website translated from Danish, CloudNordic said: “The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data.”
CloudNordic said that while customer data was scrambled in the attack, there was no evidence that customer data was copied out or exfiltrated from its systems, as is a common tactic for ransomware and extortion groups. The company said that in any case it did not have money to pay the hackers’ unspecified ransom demand, nor would it pay.
The cloud host said that it believes the hackers had access to the company’s administrative systems “from which they could encrypt entire disks.”
“Unfortunately, it has proved impossible to restore more data, and the majority of our customers have thus lost all data with us,” the translated statement on its website reads.
It’s not clear how the ransomware attack began, but the company said that the attack happened — or was at least exacerbated — by moving infected systems from one data center to another data center that was “unfortunately wired to access our internal network that is used to manage all of our servers.” CloudNordic said that it “had no knowledge that there was an infection.”
“Via the internal network, the attackers gained access to central administration systems and the backup systems.”
At the time of writing, no ransomware group has appeared to publicly acknowledge or take credit for the cyberattack.
Customers with Azero are also affected, according to an identical notice on its website. CloudNordic and Azero are owned by Denmark-registered Certiqa Holding, which also owns Netquest, a provider of threat intelligence for telcos and governments.
Both CloudNordic and Azero said they were working to rebuild customers’ web and email systems from scratch, albeit without their data.
CloudNordic could not be reached for comment. Its website notice said that the company had difficulty in communicating. An email with questions about the incident bounced back with an error message saying the message could not be delivered.
Do you know more about the CloudNordic and Azero ransomware attack? You can contact Zack Whittaker on Signal at 1 646-755-8849 or firstname.lastname@example.org. You also can share files and documents with TechCrunch via our SecureDrop.
I’m a journalist who specializes in investigative reporting and writing. I have written for the New York Times and other publications.