Ransomware Attack Downs Hosting Service SmarterASP.NET

ransomware web hosting service attack

SmarterASP.NET said that it is in the middle of recovering accounts downed by the ransomware attack.

SmarterASP.NET, a popular web hosting provider with more than 440,480 customers, has been hit with a ransomware attack that took down its customers’ websites that were hosted by the company. The company on Monday said it is in the process of recovering impacted data.

SmarterASP.NET offers shared web hosting services – which allow many websites to reside on one web server connected to the internet – for customers. Many SmarterASP.NET customers specifically are looking to host ASP.NET sites. ASP.NET is an open source web framework, created by Microsoft, for building web apps and services with .NET.

According to reports, the ransomware attack hit and encrypted customers’ web hosting accounts – which give customers access to servers where they can store files and data required to run their websites – thus crippling customer websites. SmarterASP.NET’s website was also initially downed by the attack, but has since been recovered.

“Your hosting account was under attack and hackers have encrypted all your data,” according to a Monday notice on SmartASP’s website. “We are now working with security experts to try to decrypt your data and also to make sure this would never happen again.  Please stay tune for more info.”

While it’s unclear when the ransomware attack first hit, a rash of Tweets, starting Nov. 9, show customers angered that they were not notified of the attack via email after their services stopped.

The company is in the middle of recovering accounts that were locked down by the attack. According to a Monday morning update, 90 percent of the impacted accounts are “back to normal” after the company found “a solution to resolve this problem.”

It’s unclear whether the solution stems from the company paying the ransom or restoring from backup files. Details also are currently scant around how the company was first attacked. Threatpost has reached out for further clarification.

According to a ZDNet report, the customer files were encrypted by a version of the Snatch ransomware, which is known for being distributed via spam email containing infected attachments or by exploiting vulnerabilities in the operating system and installed software. Typically Snatch ransomware locks down victim data and asks for a ransom between $500 to $1500 in Bitcoin.

SmarterASP.NET said on Monday morning it will need time to recover the remaining 10 percent of accounts, but it expects most customers to be back online within 24 hours.

“FTP and Control panel should be back to normal in the next 30 minutes or so,” according to the update.“When you login and If you see weird extensions in your files, don’t download them. Those are encrypted files and it’s useless to download them. Please wait for our staff to fix it. We will continue to keep everyone posted.”

Other hosting services have also fallen victim to ransomware – in December 2018, Dataresolution.net was hit with a Christmas Eve attack. A2 Hosting in April 2019 reported a ransomware attack that had encrypted their Windows hosting servers.

Ransomware attacks in general continue to make headlines. In June, dual Florida cities – Lake City and Riviera Beach – were both hit by ransomware attacks and decided to pay off the hackers. And, after a rash of public schools were hit with ransomware in July, Louisiana’s governor declared a statewide state of emergency.

“Unfortunately, this continues a trend that we have noted of ransomware actors targeting service providers as way to gain access to their clients or encrypt client data correctly,” security researcher Allan Lisa told Threatpost.

“According to one survey 12 percent of all ransomware attacks are the result of a compromised service provider. A similar attack happened in August with the ransomware attack on Digital Dental Records and famously in 2017 with South Korean hosting company, Nayana. As these targets continue to prove lucrative for attackers we expect this trend to continue. ”

What are the top risks to modern enterprises in the peak era of data breaches? Find out: Join breach expert Chip Witt from SpyCloud and Threatpost senior editor Tara Seals, in our upcoming free Threatpost webinar, “Trends in Fortune 1000 Breach Exposure.” Click here to register.

Suggested articles


  • Anonymous on

    WebKnight Application Firewall Alert
  • Saroj Paneru on

    Still my site is down. Support doesn't reply. While calling them I got no luck as it always says we are getting high volume of call, please call later. They are not replying support ticket as well. Too unprofessional.
  • Sithu on

    My sites are also down. They show 95% recovered but every sites show database connection errors. WTF professional.
  • Ron Blakemore on

    Why can I not contact them. They are not repsonding to emails or answering there phones Not a Good look for Business
  • Er on

    Never again with Smarter ASP they just complete sucks!!
  • Carol on

    @Er We can't trust them anymore too, but we learn from this incident. Backup is really important and we can't just believe in hosting provider, moreover this is very very cheap hosting for .net, we can't expect too much from them. How is your site? Our site is up now, but this morning down again, we have contacted them and still no response from them. The good news is we have taken our backup so we can move to our new provider, Asphostportal.
  • Bob on

    I'm flabbergasted that I get absolutely no response from them now. I have over 20 websites with them. Most of them are now up and running, but I have 4 or 5 that still have errors and won't come up. The last response I received from them was on Nov 13. Since then I get nothing. And if I call their phone number it just refers me to the support help desk. The on-line chat is supposedly available with no wait - one day I got in and chatted with a guy about my SSL not being installed and he said he'd move me up to senior support. That was on Nov 12. Nothing heard since then and I've submitted new tickets daily, but no response. I did have most of my sites backed up - however a week before the ransomware attack happened my disk with the backups crashed. I figured I'd pick up new backups later - then this! I know they are not the best, but I've been with them for over 5 years and really not experienced anything like this. I guess I could bad mouth them - but I hope there's not a place deep enough and hot enough in that place that exists after life - and I'm not talking about heaven - and that is the place for the hackers. This will likely end my business - luckily mine is small and I don't make much money at it. But for some, this is going to be a disaster.
  • Matt B on

    @Bob You're right. There is no point to bad mouth about their service. I also use their service for almost 1 year, so far so good until this incident happened. But thanks God, they have recovered my files and database, I only missed some files, that's ok. They are very cheap hosting for .net, this is their plus point. We can't expect that everything works smoothly and we depend everything on them, include the backup. They are really working on this issue, I really appreciated about their effort. I can't give second chance to them anymore, I believe that hacker can still access their server since maybe the hacker already know their configuration. I really afraid with second attack. I consult this matter to my boss and he decide to move our site to other hosting, Asphostportal. I hope there will be no incident like this anymore.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.