Hackers have breached the network of smarterASP.NET
Hackers breached the network of SmarterASP.NET, an ASP.NET web hosting provider, over the weekend and encrypted data on customer servers.
The company later confirmed that it was hit by a ransomware attack.
In a message posted on its website, the company said that its security teams were working to decrypt customers’ data and to ensure that such incident are not repeated.
“Your hosting account was under attack and hackers have encrypted all your data,” the company said in its message.
“We are now working with security experts to try to decrypt your data and also to make sure this would never happen again,” it added.
The attack also affected the website of SmarterASP.NET, which remained inaccessible for the entire day on Saturday. It was up online on Sunday morning.
While the company is currently working to recover customers’ servers, majority of customers don’t have access to their data yet. Those who were able to access their accounts found their data, including website files and backend databases, in encrypted form.
The customer files appear to have been encrypted by a ransomware that adds “.kjhbx” extension to the encrypted file.
Most likely Snatch Ransomware based on note and extension. Without sample file, can’t confirm.https://t.co/2SDXk3yZHG
— BleepingComputer (@BleepinComputer) November 10, 2019
SmarterASP.NET, with more than 440,000 customers, is one of the most popular ASP.NET hosting providers.
It is yet not clear whether the hosting provider has paid any ransom demand to hackers or is trying to restore the servers from backup.
Ransomware attacks have continued to make headlines in recent months. Just last week, remote IT management solutions firm ConnectWise warned its customers that hackers were targeting its software to install ransomware.
ConnectWise, which is based in Florida, provides management and collaboration solutions to companies.
In a Twitter post on 7th November, the firm stated that some malicious actors were trying to introduce ransomware by targeting the open ports for ConnectWise Automate on-premises application.
We want to inform you there are recent reports of malicious actors targeting open ports for ConnectWise Automate on-premises application to introduce ransomware. Please ensure that your ports are not left open to the internet based on our best practices: https://t.co/S7cgLAseAP
— ConnectWise (@ConnectWise) November 7, 2019
The company advised its customers to ensure that their “ports are not left open to the internet based on our best practices.”
Last month, security firm Emisoft issued a warning over rising ransomware attacks, targeting public sector companies, school districts and healthcare providers.
Emisoft said that more than 600 US government entities have been hit with ransomware in 2019, and the situation will only get worse in coming days.
Also last month, a group of hackers named the ‘Shadow Kill Hackers’ breached the administrative website of Johannesburg city.
The group demanded a ransom of four bitcoins from the city officials or risk having the financial and personal data of millions of citizens released on internet.