SmarterASP.NET, a major provider of ASP.NET services to more than 440,000 customers, was hit by a ransomware attack last weekend. As a result, all data on the clients’ servers was encrypted.
SmarterASP.NET assures that they are already working on recovering user data, but it is not clear whether the company has paid a ransom or is recovering the data from backups. ZDNet journalists note that recovery is slow: many customers still do not have access to their accounts and information. And everything is encrypted, including site files and databases.
While most users have used SmarterASP.NET to host ASP.NET resources, some have also trusted the company’s servers with a backend of their applications to synchronize or back up important data. As a result, because the backend database was also affected, many customers are unable to migrate the affected services to an alternate infrastructure.
The ZDNet edition writes that, judging by the screenshots of their social networks, which can be seen below, the attack on SmarterASP.NET was carried out with the use of the Snatch extortionist, which changes the file extensions to .kjhbx. However, there is no official confirmation of this yet.
It is not surprising that the attackers are attacking hosting providers. After all, the largest ransom in history after the attack of the cipher was paid by the hoster: in the summer of 2017, the South Korean hoster Internet Nayana, too, suffered from the attack of the cipher and was forced to pay ransom to extortionists, eventually spending almost one and a half million U.S. dollars on data recovery in bitcoins.