A major cloud services company suffers massive ransomware infection

The week is just beginning and new security incidents affecting major technology companies have already been reported. According to web application security specialists, SmarterASP.NET, an ASP.NET hosting service provider, was the victim of a serious ransomware attack that could affect its more than 400k customers.

This is the third time this year that a major web hosting company has been affected by an encryption malware infection, a clear indicator of poor security measures and of the evolution of the methods employed by threat actors.

Through a message posted on its website, the company acknowledged the incident and claimed that it had already begun work on resetting all its systems, as mentioned by web application security experts. However, it is still unknown whether SmarterASP.NET executives agreed to pay the ransom to the hackers or whether the information will instead be recovered from the company’s backups. “Your account is under attack; the perpetrators have encrypted all your data. We are working with experts to retrieve your information and ensure that this does not happen again,” the statement says.

So far the company has not provided further details about the incident and its management; even its telephone line has been disabled.

The attackers not only compromised the customer information of this service, but also took the time to attack the company itself, disconnecting its website and leaving it inaccessible throughout Saturday. SmarterASP.NET's web application security team finally regained control of the website on Sunday morning.

Regarding the ransomware variant used by those responsible for this cyberattack, an anonymous user posted on Twitter some screenshots of a compromised computer, where it can be seen that the information was encrypted with an updated version of the Snatch ransomware, which adds the .kjhbx extension to infected files.

So far the company does not seem to have made much progress in the recovery process: the number of users reporting that access to their accounts and data, including files on their websites and back-end databases, remains blocked is still large.

The incident has hit many users of this service very seriously, as most of them use SmarterASP.NET as a back end for web applications to synchronize or back up important information. According to web application security experts, since the ransomware also affected these databases, it is impossible for website administrators to move their operations to an alternative IT implementation.

In the past few months, experts from the International Institute of Cyber Security (IICS) reported attacks on two other major hosting companies. The first incident occurred at A2 Hosting in May, where hackers used the GlobeImposter ransomware. The next victim was iNSYNQ, which was infected last July with a variant of the MegaCortex ransomware that prevented the proper functioning of the company’s systems for almost two months; recovery time for SmarterASP.NET is expected to be similar.