SmarterASP.NET which is an ASP.NET hosting provider having more than 440,000 customers, was affected by a ransomware.
The company is working with security experts to restore the customer’s servers and it is not known whether they have paid the ransom or not. The company’s phone line was down, citing an influx of calls.
As per the message by the company, they have confirmed the attack and stated that the hackers have encrypted all the user data. They have assured that this would never happen again.
The attack not only hit the customer data, but also SmarterASP.NET itself. The company’s website was down all day and was back online the next day.
As the server recovery efforts are going slow, many customers still do not have access to their accounts and data. Those customers who were able to access their account said that their data is still encrypted, including website files and backend databases.
Most of the users use SmarterASP.NET for hosting ASP.NET sites, while some use the company’s servers as app backends, where they were synchronizing or backing up important data. The backend databases being affected together with the public-facing web servers, have prevented many from moving impacted services to alternative IT infrastructure.
All customer files have been encrypted by a version of the Snatch ransomware that encrypts files with a “.kjhbx” file extension.
This is the third major hosting provider that was attacked this year by breaching their network and encrypting data on customer servers. The first was A2 Hosting which is a well-known provider of Windows Servers, had servers in Asia and North America encrypted by a version of the GlobeImposter 2.0 ransomware strain.
The second web hosting provider that was hit this year was iNSYNQ, a cloud computing provider of virtual desktop environments. The company was infected by a version of the MegaCortex ransomware.
Both the companies took weeks to restore and fully recover customer data. Taking into account the size of the customer base, SmarterASP.NET also might take a similar recovery timeline.
The ransomware attackers are more interested to infect web hosting providers as the largest ransomware payment ever made came from a web hosting provider.
It was a South Korean web hosting firm Internet Nayana, which paid 1.3 billion won ($1.14 million) worth of bitcoins to a hacker following a ransomware incident in June 2017.