ASP.NET hosting provider recovering from ransomware attack
SmarterASP.NET was blunt in a status update on Monday titled:
Your hosting accounts are under attack
This wasn’t a partial paralysis. The provider advised customers that all data had been encrypted and that it was working with security experts to try to decrypt it, as well as making sure that “this would never happen again.”
Please don’t email us, the company asked, saying that it was (understandably!) being flooded by emails and that it doesn’t employ enough people to answer them all. It directed customers to its Facebook page for updates.
As of Monday morning, the provider said that it had fully restored FTP and control panel services – though, going by comments on its Facebook post, it sounds like the company’s stressed-out servers were still giving off a miasma of
503 Service Unavailable error messages.
In that post, the company warned customers not to download encrypted files. “If you still see encrypted files, we will get to it soon,” SmarterASP.NET said. The malware encrypted customers’ web hosting accounts, from which they access servers that may contain the files and data they need to run their sites. Thus, it’s not just the SmarterASP.NET customers that lost all their data: it’s also their websites that were affected.
SmarterASP.NET’s website was also temporarily knocked offline by the attack, but it was reportedly back online as of Sunday morning.