Connect with us

Hi, what are you looking for?



Hosting Provider CloudNordic Loses All Customer Data in Ransomware Attack

Danish cloud hosting provider CloudNordic says most customers lost all data after ransomware shut down all its systems and servers.

Danish cloud hosting services provider CloudNordic has announced that all its systems were rendered unusable following a ransomware attack.

The attack, the company explains in an incident notice on its website, started on Friday, August 18, and resulted in all its systems and servers being shut down.

“Websites, e-mail systems, customer systems, our customers’ websites, etc. Everything. A break-in that has paralyzed CloudNordic completely, and which also hits our customers hard,” reads the English translation of the announcement.

According to CloudNordic, the attackers took advantage of an ongoing transition to a new data center and likely leveraged an existing, dormant infection to encrypt all systems.

During the transition, previously separated servers were connected to the company’s internal network, providing the attackers with access to the central administration systems and the backup systems, including secondary ones.

“The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data,” the cloud hosting firm explains.

CloudNordic says it has no plans to pay a ransom, although its investigation into the attack showed that it cannot recover the lost data.

Advertisement. Scroll to continue reading.

“Unfortunately, it has proved impossible to recreate more data, and the majority of our customers have thus lost all data with us. This applies to everyone we have not contacted at this time,” the company announced.

According to the company, the encryption was performed via the administration systems, and there is no evidence that the attackers had access to or exfiltrated any data from the compromised servers.

“Very large amounts of data were encrypted, and we have seen no signs that large amounts of data have been attempted to be copied out,” the company notes.

CloudNordic says it has started restoring new systems, including name servers, web servers, and mail servers, to help customers restore their services without moving their domains.

The company encourages customers to contact it via email to restore their domains, and to recover their email messages from the mail clients on their computers, if possible. CloudNordic also warns that the recovery process might take a very long time.

Related: Cybersecurity Companies Report Surge in Ransomware Attacks

Related: 1.5 Million Impacted by Ransomware Attack at Canadian Dental Service

Related: Dozens of Organizations Targeted by Akira Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.