While recent reports seem to indicate that
hackers are mostly abandoning ransomware attacks and replacing them with other
methods, it is evident that ransomware is still not a thing of the past. The
best example of this is a recent report of a hack of a major ASP.NET hosting
provider, SmarterASP.NET.
The company allegedly has over 440,000 customers, which made it an attractive target for online criminals. After yesterday’s attack, SmarterASP.NET became the third major web hosting company to be hit by a hacking attack. As with others, hackers managed to breach the company’s defenses, seize its data, and encrypt it within the firm’s servers.
Those familiar with how ransomware works
likely know that doing this makes data unreadable and useless to the firm. Of
course, there is likely a decryption key that hackers possess, and that is able
to neutralize the encryption. However, in order to provide it, hackers in these
situations usually demand a large payment.
According to what is known right now, the company is currently working on restoring its servers. But, it is still unknown whether its officials decided to pay the ransom , or if they have backups which could be used for restoring their lost files. All that the firm has revealed so far is the hack itself, as they notified users on their website.
The message simply says that the users’ hosting accounts are under attack and that all data was encrypted. The company also noted that it is working with security experts in attempts to resolve the problems.
As mentioned, the attackers did not only
target customers’ data — they were also after the service itself. The company
was allegedly attacked this Saturday, and its website was down for the entirety
of the day. Luckily, the firm managed to restore it on Sunday morning, which is
when it released the notification regarding the hack.
For now, the company has seemingly had little
luck in recovering servers, and the whole process seems to be going rather
slow. Most of its users cannot access their data, or even their accounts, while
those who succeeded in accessing anything claim that the encryption is still
on.
It also seems that the majority of users were
using the service for hosting ASP.NET websites, although some of them also used
the firm’s servers as backends for apps. SmarterASP.NET’s servers were used for
data backup and synchronization.
Now, with the company’s public-facing servers,
as well as backend databases,  being
infected and encrypted, many of those who used its services decided to seek out
alternative providers.
As stated previously, the firm has been rather secretive regarding the attack, likely due to an ongoing investigation. However, some screenshots that were posted on Twitter earlier indicate that the service was infected by a version of the ransomware known as Snatch.
Also, as mentioned, SmarterASP.NET is the
third service of this kind that was hit by ransomware in 2019, with the other
two being A2 Hosting (attacked in May), and INSYNQ (attacked in July).
A2 is another major provider that is quite
well-known. It provides Windows servers, and its servers in both, North America
and Asia were infected by a ransomware strain known as Globeimposter 2.0. As
for INSYNQ, this is a cloud computing provider of digital desktop environments.
This company was attacked and infected in July, and its files were encrypted
via ransomware known as MegaCortex.
In both cases, ransomware made it extremely
difficult for the firms to recover, and they both needed weeks to retrieve
their customers’ files. Considering the size of SmarterASP.NET alone, the
company will likely need weeks to recover, as well.
As for why such attacks are being made against web hosting firms in a period when ransomware attacks are mostly dying out, the reason is simple — the biggest ransomware payment ever came from a hosting provider . The payment was made back in June 2017, by a hosting company called Internet Nayana. The firm is based in South Korea, and it paid $1.14 million to hackers who encrypted its files and demanded a ransom in return for the decryption key.
Hackers also demanded to be paid in Bitcoin,
and since BTC price increased by 20x in months that followed, said hackers were
likely able to make a massive profit since then.
pawn-shopcc crdclubsu