News

Ransomware attacked a major ASP.NET provider

A major ASP.NET provider, SmarterASP.NET, which serves more than 440,000 customers, was attacked by a ransomware during this weekend. As a result, all data on the client servers was encrypted.

Representatives of SmarterASP.NET claim that they are already working on recovering user data, but it is unclear whether the company paid the ransom to attackers or whether the restoration is made from backups.

“Your hosting account was under attack and hackers have encrypted all your data. We are now working with security experts to try to decrypt your data and also to make sure this would never happen again”, — said SmarterASP.NET in a statement.

ZDNet reporters note that recovery is slow: many customers still do not have access to their accounts and information. Unfortunately, everything turned out to be encrypted, including site files and databases.

Although most users used SmarterASP.NET to host ASP.NET resources, some also entrusted the company’s backend servers with applications where they synchronized or backed up important data. As a result, because of the fact that the backend database has also suffered, many clients are not able to transfer the affected services to an alternative infrastructure.

Read also: Magento may deprive support of more than 200 thousand sites

It is worth noting that the attack affected not only customer information, but also the infrastructure of the provider itself. Therefore, the company’s website was unavailable throughout Saturday and only recently returned to full service. Apparently, a full recovery may take several weeks for SmarterASP.NET specialists.

The ZDNet publication writes that, judging by the screenshots of their social networks, which can be seen below, the attack on SmarterASP.NET was carried out using the Snatch ransomware, which changes the file extensions to .kjhbx. However, there is no official confirmation of this yet.

“SmarterASP.NET is the third hosting provider that was hit this year. The first was A2 Hosting in May. A2, a well-known provider of Windows Servers, had servers in Asia and North America encrypted by a version of the GlobeImposter 2.0 ransomware strain. The second web hosting provider hit this year was iNSYNQ, a cloud computing provider of virtual desktop environments. The company was infected in mid-July by a version of the MegaCortex ransomware”, — write ZDNet journalists.

It is not surprising that attackers aimed at the hosting provider. After all, the largest ransom in history after an encryptor attack was paid by the hoster: in the summer of 2017, the South Korean Internet Nayana hoster also suffered from an encryptor attack and was forced to pay the ransomware. Finally, it has spent almost half a million US dollars on bitcoins for data recovery.
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Recent Posts

Remove News-bpudepi.today pop-up ads (Virus Removal Guide)

News-bpudepi.today is a domain that tries to trick you into subscribing to its browser notifications…

21 hours ago

Remove Doguhtam.xyz pop-up ads (Virus Removal Guide)

Doguhtam.xyz is a site that tries to trick you into subscribing to its browser notifications…

21 hours ago

Remove News-xlixoti pop-up ads (Virus Removal Guide)

News-xlixoti.com is a site that tries to force you into subscribing to its browser notifications…

21 hours ago

Remove Ducesousightion pop-up ads (Virus Removal Guide)

Ducesousightion.com is a domain that tries to trick you into clik to its browser notifications…

21 hours ago

Remove News-xlabica.live pop-up ads (Virus Removal Guide)

News-xlabica.live is a domain that tries to trick you into clik to its browser notifications…

21 hours ago

Remove Mergechain.co.in pop-up ads (Virus Removal Guide)

Mergechain.co.in is a site that tries to trick you into subscribing to its browser notifications…

21 hours ago