SmarterASP.net, a web hosting provider with over 400,000 customers, was infected by ransomware over the weekend.
They are, at least, the third provider to be hit by such an attack.
Affected user web sites are down and the company’s website was also down.
Customers logging in might see a directory listing that looks like this
The encrypted files have the extension kjhbx, except for the ransom note below:
The company has not returned calls so it is unclear if they paid the ransom or are restoring from backups.
If this is like the previous hosting provider attacks, it will likely take weeks for them to restore all the data – if it all can be restored.
A2Hosting and iNSYNQ are two other hosting providers that were attacked earlier this year.
In 2017 South Korean hosting provider Nayana paid a ransom of over $1 million after they were attacked.
Hackers understand that if they can get a hosting provider to pay, the payday is likely a lot larger than attacking you or me. As a result, attacks against cloud service providers are likely going to continue.
There is no obvious notice on the company’s homepage of the attack and for good reason – it is not terribly good for business. They are likely hoping that this disappears off the radar and they can continue signing up customers. There is a note buried on the support site, here. It says don’t bother to call us or email us, we are kind of busy right now.
So what does this mean for you?
First of all, check your cloud provider’s contract that you signed – either without reading it or without caring. It probably says that they will not charge you while your web site is down. Beyond that, you are likely on your own. Maybe your contract is different, but I doubt it.
You can try suing them for damages, but in light of the contract, that probably will go no where.
*IF* you have cyber risk insurance WITH network business interruption coverage, you will probably be able to collect on your policy, but only if you have that coverage.
From some of the earlier attacks, it took the providers *WEEKS* to recover all the data – if they were able to recover it at all.
ARE YOU OKAY WITH YOUR WEB SITE BEING DOWN FOR A COUPLE OF WEEKS?
ARE YOU OKAY WITH SOME OTHER CLOUD SERVICE PROVIDER THAT IS KEY TO YOUR BUSINESS BEING DOWN FOR A COUPLE OF WEEKS?
ARE YOU OKAY WITH LOSING SOME OR ALL OF YOUR DATA FOREVER?
Assuming the answer to these questions is no, it is up to you to figure out a business continuity plan. Assuming your data is permanently gone, it is up you to figure out what to do.
We have read stories of some companies going out of business after one of these attacks because customers fled or they lost all of their data. These are the minority, but it does happen.
Plan for it now because dealing with it after the fact is no fun.
AND, your cloud service provider is likely not liable, other than not charging you for the service that you are not getting.
Information for this post came from ZDNet.