Posted on November 11, 2019 at 4:08 PM
While recent reports seem to indicate that hackers are mostly abandoning ransomware attacks and replacing them with other methods, it is evident that ransomware is still not a thing of the past. The best example of this is a recent report of a hack of a major ASP.NET hosting provider, SmarterASP.NET.
The company allegedly has over 440,000 customers, which made it an attractive target for online criminals. After yesterday’s attack, SmarterASP.NET became the third major web hosting company to be hit by a hacking attack. As with others, hackers managed to breach the company’s defenses, seize its data, and encrypt it within the firm’s servers.
Those familiar with how ransomware works likely know that doing this makes data unreadable and useless to the firm. Of course, there is likely a decryption key that hackers possess, and that is able to neutralize the encryption. However, in order to provide it, hackers in these situations usually demand a large payment.
According to what is known right now, the company is currently working on restoring its servers. But, it is still unknown whether its officials decided to pay the ransom, or if they have backups which could be used for restoring their lost files. All that the firm has revealed so far is the hack itself, as they notified users on their website.
The message simply says that the users’ hosting accounts are under attack and that all data was encrypted. The company also noted that it is working with security experts in attempts to resolve the problems.
About the attack
As mentioned, the attackers did not only target customers’ data — they were also after the service itself. The company was allegedly attacked this Saturday, and its website was down for the entirety of the day. Luckily, the firm managed to restore it on Sunday morning, which is when it released the notification regarding the hack.
For now, the company has seemingly had little luck in recovering servers, and the whole process seems to be going rather slow. Most of its users cannot access their data, or even their accounts, while those who succeeded in accessing anything claim that the encryption is still on.
It also seems that the majority of users were using the service for hosting ASP.NET websites, although some of them also used the firm’s servers as backends for apps. SmarterASP.NET’s servers were used for data backup and synchronization.
Now, with the company’s public-facing servers, as well as backend databases, being infected and encrypted, many of those who used its services decided to seek out alternative providers.
Two other firms experienced similar attacks
As stated previously, the firm has been rather secretive regarding the attack, likely due to an ongoing investigation. However, some screenshots that were posted on Twitter earlier indicate that the service was infected by a version of the ransomware known as Snatch.
Also, as mentioned, SmarterASP.NET is the third service of this kind that was hit by ransomware in 2019, with the other two being A2 Hosting (attacked in May), and INSYNQ (attacked in July).
A2 is another major provider that is quite well-known. It provides Windows servers, and its servers in both, North America and Asia were infected by a ransomware strain known as Globeimposter 2.0. As for INSYNQ, this is a cloud computing provider of digital desktop environments. This company was attacked and infected in July, and its files were encrypted via ransomware known as MegaCortex.
In both cases, ransomware made it extremely difficult for the firms to recover, and they both needed weeks to retrieve their customers’ files. Considering the size of SmarterASP.NET alone, the company will likely need weeks to recover, as well.
As for why such attacks are being made against web hosting firms in a period when ransomware attacks are mostly dying out, the reason is simple — the biggest ransomware payment ever came from a hosting provider. The payment was made back in June 2017, by a hosting company called Internet Nayana. The firm is based in South Korea, and it paid $1.14 million to hackers who encrypted its files and demanded a ransom in return for the decryption key.
Hackers also demanded to be paid in Bitcoin, and since BTC price increased by 20x in months that followed, said hackers were likely able to make a massive profit since then.