Ransomware attack
Incident Report for CloudNordic
Monitoring
Please see https://cloudnordic.com for final update.
Posted Aug 21, 2023 - 16:19 CEST
Update
Restore operations during Saturday have not been succesfull, new update will be published early Sunday.
Posted Aug 20, 2023 - 00:37 CEST
Update
New setup is ongoing and proceeding as planned according to our disaster recovery plan.
Current estimation is that the new setup will be done late Friday evening, and that services will begin to get back up during Saturday. Due to the amount of systems needed to get back up, it will still take many hours, for each service to become fully functional again, and while some services might start to work early Saturday, we expect it to take all Saturday until all services are running.
Posted Aug 18, 2023 - 12:29 CEST
Update
We are continuing to work on a fix for this issue.
Posted Aug 18, 2023 - 09:49 CEST
Identified
Clusters and storage have been infected by a ransomware attack, affecting all primary storage.
Ransomware infection, happened due to infected hardware from another datacenter being moved to our primary datacenter, and attached to our core network, thus bypassing normal firewalls and security systems.
In order to ensure everything working and not getting re-infected, this requires a complete re-install of all hardware, which is unfortunately a very big and lengthy process.
We cannot yet estimate precisely how long this will take, currently we have new hardware, and a large team of sysadmins is working on setting up routers, networks, hosts, storage based on our documentation.
We cannot yet give a proper estimation, but currently expect this could take several days to complete.
We will update this page according to the process.
Posted Aug 18, 2023 - 09:45 CEST
This incident affects: CloudNordic services (Cloud Control Panel, OX AppSuite + Dovecot Pro, Hosted Exchange, Shared Web Hosting, www.cloudnordic.com, IP Services, Service Desk, Phones, DNS Services, Virtual Servers, Office 365 Cloud Backup, Roundcube + Dovecot Pro) and AzeroCloud Services.