SmarterASP.NET, a popular web hosting provider with more than 440,480 customers, has been hit with a ransomware attack that took down the customer websites it hosts. The company on Monday said it is in the process of recovering impacted data.
SmarterASP.NET offers shared web hosting services, which allow many websites to reside on one web server connected to the internet. Many SmarterASP.NET customers are specifically looking to host ASP.NET sites. ASP.NET is an open source web framework, created by Microsoft, for building web apps and services with .NET.
According to reports, the ransomware attack hit and encrypted customers’ web hosting accounts – which give customers access to servers where they can store files and data required to run their websites – thus crippling customer websites. SmarterASP.NET’s website was also initially downed by the attack, but has since been recovered.
“Your hosting account was under attack and hackers have encrypted all your data,” according to a Monday notice on SmarterASP.NET’s website. “We are now working with security experts to try to decrypt your data and also to make sure this would never happen again. Please stay tuned for more info.”
While it’s unclear when the ransomware attack first hit, a rash of tweets starting Nov. 9 shows customers angered that they were not notified of the attack via email after their services stopped.
The company is in the middle of recovering accounts that were locked down by the attack. According to a Monday morning update, 90 percent of the impacted accounts are “back to normal” after the company found “a solution to resolve this problem.”
It’s unclear whether the solution stems from the company paying the ransom or restoring from backup files. Details are also currently scant on how the company was first attacked. Threatpost has reached out for further clarification.
According to a ZDNet report, the customer files were encrypted by a version of the Snatch ransomware, which is known for being distributed via spam email containing infected attachments or by exploiting vulnerabilities in the operating system and installed software. Typically, Snatch ransomware locks down victim data and asks for a ransom of between $500 and $1,500 in Bitcoin.
SmarterASP.NET said on Monday morning it will need time to recover the remaining 10 percent of accounts, but it expects most customers to be back online within 24 hours.
“FTP and Control panel should be back to normal in the next 30 minutes or so,” according to the update. “When you log in and if you see weird extensions in your files, don’t download them. Those are encrypted files and it’s useless to download them. Please wait for our staff to fix it. We will continue to keep everyone posted.”
Other hosting services have also fallen victim to ransomware: in December 2018, Dataresolution.net was hit with a Christmas Eve attack, and in April 2019 A2 Hosting reported a ransomware attack that had encrypted its Windows hosting servers.
Ransomware attacks in general continue to make headlines. In June, two Florida cities – Lake City and Riviera Beach – were hit by ransomware attacks and decided to pay off the hackers. And, after a rash of public schools were hit with ransomware in July, Louisiana’s governor declared a statewide state of emergency.
“Unfortunately, this continues a trend that we have noted of ransomware actors targeting service providers as a way to gain access to their clients or encrypt client data correctly,” security researcher Allan Lisa told Threatpost.
“According to one survey, 12 percent of all ransomware attacks are the result of a compromised service provider. A similar attack happened in August with the ransomware attack on Digital Dental Records and famously in 2017 with South Korean hosting company, Nayana. As these targets continue to prove lucrative for attackers we expect this trend to continue.”