The week is just beginning and new security incidents affecting major technology companies have already being reported. According to web application security specialists, SmarterASP.NET, an ASP.NET hosting service provider, was the victim of a serious ransomware attack that could affect its more than 400k customers.
This is the third time this year that a major web
hosting company is affected by an encryption malware infection, clear
indicator of poor security measures and evolution of the methods employed by
threat actors.
Through a message posted on its website the
company acknowledged the incident and claimed that it had already begun work on
resetting all its systems, as mentioned by web application security experts.
However, it is still unknown whether SmarterASP.NET executives agreed to pay
the ransom to hackers or instead the information will be recovered from the
company’s backups. “Your account is under attack; the perpetrators have
encrypted all your data. We are working with experts to retrieve your
information and ensure that this does not happen again,” the statement
says.
So far the company has not provided further
details about the incident and its management, even its telephone line has been
disabled.
The attackers not only compromised the customer
information of this service, but also took the time to attack the company,
disconnecting its website, leaving it inaccessible throughout Saturday.
Finally, SmarterASP.NET web application security team regained control of their
website on Sunday morning.
Regarding the ransomware variant used by those responsible for this cyberattack, an anonymous user posted on Twitter some screenshots of a compromised computer, where it can be seen that the information was encrypted with an updated version of the Snatch ransomware, which adds the .kjhbx extension to infected files.
So far the company does not seem to have made
much progress in the recovery process, as the number of users reporting that
access to their accounts and data remains blocked, including files on their
websites and back-end databases, it’s still large.
The incident has hit many of the users of this
service very seriously, as most of them use SmarterASP.NET as a back end of web
applications to synchronize or back up important information. According to web
application security experts, since ransomware also affected these databases,
it is impossible for website administrators to move their operations to an
alternative IT implementation.
In the past few months, experts from the
International Institute of Cyber Security (IICS) reported the attack on two
other major hosting companies. The first incident occurred at A2 Hosting in
May, where hackers used the GlobeImposter ransomware. The next victim was
iNSYNQ, which was infected last July with a variant of the MegaCortex
ransomware, which prevented the proper functioning of the company’s systems for
almost two months; recovery time for SmarterASP.NET is expected to be similar.
