A recent ransomware attack out of Denmark illustrates how sensitive data migrations are for hosting providers, and how a business can potentially be ended by a crippling blow at the wrong time.
Both hosting providers saw most of their stored customer data wiped out, and appear not to have had adequate offline backups in place to recover. After ruling out paying the ransom, the companies are now left with only some of their servers online and many customers who have migrated to competitors.
Hosting providers slammed during data migration
The two hosting providers were of modest size, collectively hosting hundreds of Denmark’s business websites. The majority of those customers must now turn to either offline backups or the Wayback Machine to recover their sites, and many are likely headed to other hosts, leaving the future of the two businesses very much in question.
Both hosting providers were completely shut down for several days following the ransomware attack. The two businesses likely had at least an adequate level of protection from cyber attacks, given that they are owned by a company that also owns a cybersecurity firm. The problem in this case was a data migration gone wrong. At least one server was compromised, and when it was connected to the entire network the compromise appears to have spread to absolutely everything. The hosting providers are not reporting any stolen data, but the ransomware attack encrypted all customer backups along with pretty much everything else.
It’s possible that the massive damage done by the ransomware attack was a result of old malware that happened to be on one particular server, but it could have also been planned. Data migrations are a popular time for hackers to strike. This is because organizations often suspend security elements temporarily to facilitate certain functions, or purely in the name of convenience. Generally speaking, dozens of new avenues of attack tend to appear during data migrations that are not normally present.
Ransomware attacks stubbornly remain as a leading cybercrime threat
While ransomware was king through most of the Covid-19 pandemic, we have seen some small trends away from ransomware attacks among the major players in cybercrime as insurance funds start to dry up: an increasing preference for business email compromise, major ransomware groups switching to a “data extortion only” approach, and a reduced interest in chasing zero-day vulnerabilities (in favor of simply phishing employees or buying company credentials). Ransomware is still one of the top threats, however, and resurgences keep demonstrating that it is going nowhere anytime soon.
Ransomware attacks remain prevalent in industries and sectors known for holding large amounts of salable sensitive personal data, like health care and finance. But as the incident with these relatively small hosting providers illustrates, they can pop up anywhere a vulnerability is present. So long as they continue, the standard advice that has been in place for years holds: have both online and offline backups, regularly train staff with simulated phishing attempts and response plan drills, and implement multi-factor authentication (and potentially Zero Trust) wherever appropriate.