Ransomware attacked a major ASP.NET provider

A major ASP.NET provider, SmarterASP.NET, which serves more than 440,000 customers, was attacked by a ransomware during this weekend. As a result, all data on the client servers was encrypted.

“Your hosting account was under attack and hackers have encrypted all your data. We are now working with security experts to try to decrypt your data and also to make sure this would never happen again”, — said SmarterASP.NET in a statement.

ZDNet reporters note that recovery is slow: many customers still do not have access to their accounts and information. Unfortunately, everything turned out to be encrypted, including site files and databases.

Although most users used SmarterASP.NET to host ASP.NET resources, some also entrusted the company’s backend servers with applications where they synchronized or backed up important data. As a result, because of the fact that the backend database has also suffered, many clients are not able to transfer the affected services to an alternative infrastructure.

Read also: Magento may deprive support of more than 200 thousand sites

It is worth noting that the attack affected not only customer information, but also the infrastructure of the provider itself. Therefore, the company’s website was unavailable throughout Saturday and only recently returned to full service. Apparently, a full recovery may take several weeks for SmarterASP.NET specialists.

The ZDNet publication writes that, judging by the screenshots of their social networks, which can be seen below, the attack on SmarterASP.NET was carried out using the Snatch ransomware, which changes the file extensions to .kjhbx. However, there is no official confirmation of this yet.

“SmarterASP.NET is the third hosting provider that was hit this year. The first was A2 Hosting in May. A2, a well-known provider of Windows Servers, had servers in Asia and North America encrypted by a version of the GlobeImposter 2.0 ransomware strain. The second web hosting provider hit this year was iNSYNQ, a cloud computing provider of virtual desktop environments. The company was infected in mid-July by a version of the MegaCortex ransomware”, — write ZDNet journalists.