CloudNordic, a prominent Danish cloud provider, has told its clients to expect the loss of all of their data after a ransomware attack encrypted the company's servers. The attack has left CloudNordic “completely paralyzed,” according to its online announcement.
Details of the Attack
The cyberattack occurred in the early hours of August 18, when attackers managed to shut down all of CloudNordic's systems, erasing both the company's and its customers' websites and email systems. Since the attack, the IT team, along with third-party responders, has been working to restore the lost data. However, as of now, the prognosis remains grim.
CloudNordic's official statement, translated from Danish, reads: “We cannot and do not want to meet the financial demands of the criminal hackers for ransom.” The company further added, “Unfortunately, it has proved impossible to recreate more data, and the majority of our customers have thus lost all data with us. This applies to everyone we have not contacted at this time.”
No Data Breach Detected
Despite the severe implications of the attack, CloudNordic offers a glimmer of hope. The company believes that the attackers did not exfiltrate any data before encrypting the systems. “We have seen no evidence of a data breach,” the cloud provider said in its statement.
Possible Cause of the Attack
CloudNordic suspects that the ransomware infection might have occurred while servers were being transferred from one data center to another. Some servers were potentially compromised before the move. During the transition, servers that had previously been on separate networks were inadvertently connected to CloudNordic's internal network. This misstep gave the attackers access to central administrative systems, storage, replication backup systems, and secondary backups, all of which they swiftly encrypted for extortion purposes.
Moving Forward and Official Apology
CloudNordic has begun restoring web and email servers, albeit without the original data. It has advised customers to email the company with the word “RESTORE” in the subject line to facilitate this process. However, the company acknowledges that restoring all services, even without the original data, will take time. It has therefore recommended that “critically affected” customers seek alternative providers to reduce downtime. For those who prefer a hands-on approach, CloudNordic has provided detailed instructions on its website for restoring DNS functionality.
The company deeply regrets the situation and has expressed gratitude to its loyal customers for their continued support over the years. The cyberattack has been reported to the police, and investigations are ongoing.