ITBusiness.ca

A cautionary tale: The tragic case of two Danish hosting firms who lost all their clients’ data

Image credit: Getty Images

Cybersecurity incidents of all kinds happen frequently, but one of the most extreme occurred in mid-August, when two Danish cloud hosting firms – CloudNordic and AzeroCloud – paid the ultimate price following a ransomware attack: both organizations ceased to exist.

What happened to the two, says Bobby Cornwell, vice president of strategic partner enablement and integrations at cybersecurity vendor SonicWall, could have been avoided had proper measures and strategies been in place.

Instead, according to an article that appeared in Data Center Dynamics, after the attack they released the following statement: “Unfortunately, during the night of Friday 18-8-2023 at 04:00, CloudNordic/AzeroCloud was exposed to a ransomware attack, where criminal hackers shut down all systems. Websites, e-mail systems, customer systems, our customers’ websites, etc. Everything. A break-in that has paralyzed CloudNordic/AzeroCloud completely, and which also hits our customers hard.”

The article went on to say that Danish press reported that “hundreds” of companies had been impacted. Martin Haslund Johansson, director of the two firms, told Denmark’s Radio4 he was “furiously sad,” adding that “”I don’t expect that there will be any customers left with us when this is over.”

A translated version of another article that appeared on the web site of Radio4, a news and talk station, revealed the following: “Right now, the cyberattack is making life really difficult for the many medium-sized and smaller companies, because the attack has meant that they have lost … everything they have stored in their so-called cloud.”

Of note is that the perpetrators set the ransom at six bitcoins, which in August was valued at US$157,000, but a decision was made not to pay.

In a blog posted soon after the incident, Ofir Ashman, senior director of security research and intelligence at cybersecurity vendor ThreatStop Inc., wrote, “this devastating cyber attack resulted in the complete loss of most customers’ data and a total shutdown of the entire system infrastructure. The attack not only impacted the hosting providers themselves, but also left a trail of destruction among their numerous customers.

“The hosting providers’ principled stance against paying the ransom, besides the ultimate inability to restore customer data and the severe impact that created, underscores the challenge of handling ransomware attacks without conceding to cybercriminals. The repercussion of the attack cascaded into CloudNordic and AzeroCloud’s vast customer base. Hundreds of Danish firms were left grappling with the aftermath as they lost all cloud-stored data, including emails, documents and websites.”

Cornwell, who is based out of Atlanta Ga., contends that “this company had to be in some kind of turmoil, otherwise why would you let your entire customer base go like that?”

He also speculated that the fact that both companies would be subject to strict European laws may have also been a factor in not paying any ransom. “If someone breaches your system, you are at fault. I have to assume that if these guys did pay the ransom and found out the corporate data was indeed breached in some way, shape or form, the amount of fines were going to  be 10-to-20-fold more that what the cost of the ransom would have been.”

The attack conceivably would not have happened, he said, with adequate security measures in place.

“You have to have a layered approach. Most every government in the world has a layered network. And the reason why they have a layered network is because they’re targeted and so they want to build checks and balances.”

The same approach is used by large organizations, he added: “I can’t just walk into Bank of America’s downtown Atlanta big corporate office, because I have to go through so many different layers of security, just to get into the elevator. Why is that? Because they want to make sure that one person doesn’t make a mistake and let some bad actor in.

“Why is your network any different? Your network is the front door of your data, and if that’s all your customers information in the backend, why would you only have a single doorway? That’s where I think a lot of companies tend to make that mistake. They tend to put all their eggs in one basket, and they don’t layer it.”

Ashman wrote that the attack serves as a “cautionary tale for businesses, highlighting the disastrous consequences that may occur as a result of inadequate cybersecurity measures. This devastating attack has had a profound impact on both the companies and their extensive customer base, resulting in the loss of crucial data and significant disruptions to operations.

“Cloud hosting providers must keep their security commitment to customers and ensure the protection of their data and systems. As ransomware continues to rise and expand, the importance of vigilance, resilience, and proactive security strategies becomes ever more evident.”

Exit mobile version