Home / News / Ransomware attacked a major ASP.NET provider

Ransomware attacked a major ASP.NET provider

A major ASP.NET provider, SmarterASP.NET, which serves more than 440,000 customers, was attacked by a ransomware during this weekend. As a result, all data on the client servers was encrypted.

Representatives of SmarterASP.NET claim that they are already working on recovering user data, but it is unclear whether the company paid the ransom to attackers or whether the restoration is made from backups.

“Your hosting account was under attack and hackers have encrypted all your data. We are now working with security experts to try to decrypt your data and also to make sure this would never happen again”, — said SmarterASP.NET in a statement.

ZDNet reporters note that recovery is slow: many customers still do not have access to their accounts and information. Unfortunately, everything turned out to be encrypted, including site files and databases.

Although most users used SmarterASP.NET to host ASP.NET resources, some also entrusted the company’s backend servers with applications where they synchronized or backed up important data. As a result, because of the fact that the backend database has also suffered, many clients are not able to transfer the affected services to an alternative infrastructure.

Read also: Magento may deprive support of more than 200 thousand sites

It is worth noting that the attack affected not only customer information, but also the infrastructure of the provider itself. Therefore, the company’s website was unavailable throughout Saturday and only recently returned to full service. Apparently, a full recovery may take several weeks for SmarterASP.NET specialists.

The ZDNet publication writes that, judging by the screenshots of their social networks, which can be seen below, the attack on SmarterASP.NET was carried out using the Snatch ransomware, which changes the file extensions to .kjhbx. However, there is no official confirmation of this yet.

“SmarterASP.NET is the third hosting provider that was hit this year. The first was A2 Hosting in May. A2, a well-known provider of Windows Servers, had servers in Asia and North America encrypted by a version of the GlobeImposter 2.0 ransomware strain. The second web hosting provider hit this year was iNSYNQ, a cloud computing provider of virtual desktop environments. The company was infected in mid-July by a version of the MegaCortex ransomware”, — write ZDNet journalists.

It is not surprising that attackers aimed at the hosting provider. After all, the largest ransom in history after an encryptor attack was paid by the hoster: in the summer of 2017, the South Korean Internet Nayana hoster also suffered from an encryptor attack and was forced to pay the ransomware. Finally, it has spent almost half a million US dollars on bitcoins for data recovery.
[Total: 0    Average: 0/5]
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Check Also

Iranian hackers use ZeroCleare

Iranian hackers used new ZeroCleare malware

IBM experts have revealed a new malware ZeroCleare, which created and used Iranian hackers. ZeroCleare …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.