The Copenhagen-based cloud host CloudNordic says most of its customers have “lost all data with us” following a ransomware attack on its data center systems, including its backups. The company said the ransomware attack began Friday, 18 August, during which cybercriminals “shut down all systems,” including its website and email, and encrypted customer systems and websites.
In a notice on its website translated from Danish, CloudNordic said: “The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data.”
According to the notice, CloudNordic said its "best estimate" is that the infection happened as servers were being moved from one datacenter to another. Some of the machines were apparently infected before the move, but then during the transfer, servers that had been on separate networks were all connected to CloudNordic's internal network. This gave the intruders access to both the central administrative systems, storage, replication backup system and secondary backups, all of which they promptly encrypted for extortion.
Despite the attack and loss of data, CloudNordic has found no evidence of a data breach.
