www-cloudnordic-com.translate.goog Open in urlscan Pro
2a00:1450:4001:831::2001  Public Scan

URL: https://www-cloudnordic-com.translate.goog/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
Submission: On August 23 via manual from US — Scanned from DE

Form analysis 1 forms found in the DOM

POST //translate.googleapis.com/translate_voting?client=wt_lib

<form id="goog-gt-votingForm" action="//translate.googleapis.com/translate_voting?client=wt_lib" method="post" target="votingFrame" class="VIpgJd-yAWNEb-hvhgNd-aXYTce"><input type="text" name="sl" id="goog-gt-votingInputSrcLang"><input type="text"
    name="tl" id="goog-gt-votingInputTrgLang"><input type="text" name="query" id="goog-gt-votingInputSrcText"><input type="text" name="gtrans" id="goog-gt-votingInputTrgText"><input type="text" name="vote" id="goog-gt-votingInputVote"></form>

Text Content




FOR CUSTOMERS IN CLOUDNORDIC

Unfortunately, during the night of Friday 18-8-2023 at 04 a.m., CloudNordic was
exposed to a ransomware attack, where criminal hackers shut down all systems.
Websites, e-mail systems, customer systems, our customers' websites, etc.
Everything. A break-in that has paralyzed CloudNordic completely, and which also
hits our customers hard.

Since we cannot and do not want to meet the financial demands of the criminal
hackers for ransom, CloudNordic's IT team and external experts have been working
hard to get an overview of the damage and what was possible to recreate.

Unfortunately, it has proved impossible to recreate more data, and the majority
of our customers have thus lost all data with us. This applies to everyone we
have not contacted at this time.

The hacking attack has been reported to the police.


STATUS

We are deeply affected by the situation, and are aware that the attack is also
very critical for many of our customers. In addition to data, we also lost all
our systems and servers and have had difficulty communicating. We have now
re-established blank systems, e.g. name servers (without data), web servers
(without data) and mail servers (without data).


GET HELP TO MOVE ON WITHOUT MOVING

We are ready to restore customers on the same name servers with a DNS
administration interface, as well as new web servers (without data) and mail
servers (without data), so that customers have the opportunity to get mail and
the web working again, without moving the domain. Write to support@azero.dk with
the word RESTORE in the subject line. In the email, write your email and your
phone number as well as the domain, and then you will get login to a new website
and email solution, where you can upload the website yourself and create email
addresses.


DIY


REGARDING DOMAINS WHERE YOU NEED TO HAVE DNS MANAGEMENT QUICKLY:

This is the fastest method to get DNS working again for your domain.

 * We have re-established all name service servers, but do not have your DNS
   zone. Much of the zone can often be copied from
   https://securitytrails.com/list/keyword > your-domain.xx > Subdomains (very
   technical).

 * If you contact us at support@azero.dk and you are verified as the owner as
   described below (via email or phone), you can ask us to be created on our
   name service again, which the domains still point to. You will then get
   access to a self-service DNS tool (PowerDNS-Admin), where you can do one of
   the following:
   
   * Create the DNS zone as you know it should be.
   
   * Copy zone elements from Securitytrails (see above).


REGARDING DOMAINS YOU WANT MOVED:

Note that transferring a domain can take days, so if you want to use DNS again
more quickly, you can use the option above first, and then possibly move the
domain afterwards.

 * For .dk domains, you can order a new web hotel from another provider, and you
   yourself have access to approve the transfer of the domain to a new provider,
   via punktum.dk .

 * For .com domains, you must also order the domain from a new provider, and
   then use an authorization code from CloudNordic (auth code), here we ask you
   to contact us at support@cloudnordic.com . Please note that we are in a very
   difficult situation as we cannot keep up with all the requests, so please
   help us to do it as quickly and efficiently as possible. We must verify that
   we only send auth codes to the owner of the domain, and we can:
   
   * Send to the email linked to the registrant (owner) of the domain.
   
   * Call you on the phone number connected to the registrant (owner) of the
     domain and verbally tell them what the code is. We can NOT give you an auth
     code by calling us, only by calling the applicable number. You must
     therefore contact support@cloudnordic.com and ask us to call you.
   
   * If we cannot contact you by email or phone, the process will become even
     more time-consuming and will end up at the back of the queue of tasks. We
     will of course try to carry out the task, but at this stage we cannot say
     anything about when. We are very sorry for that.
   
   * Contact our supplier of .com domains directly. It's Ascio, and they can be
     contacted at help@ascio.com .

 * For all other domains, the rules are different. We have all domains other
   than .dk with the supplier Ascio, so follow the same procedure as for .com.
   Some will have to use an auth code, at others it is not necessary.


SUGGESTIONS FOR BEING ABLE TO RECREATE YOUR OWN WEBSITES:

 * Own local backup

 * Copy from Wayback - https://web.archive.org/


SUGGESTED EMAIL:

 * When you have had mail restored by a provider, and you have all your old mail
   in a mail client (Outlook, Apple mail and the like) on your own computer, you
   should make sure to create a new mail account for the new mail account on
   your client. You can then transfer emails to the new email account in your
   client.

 * Hvis du i stedet kommer til at rette oplysninger i eksisterende konto på din
   mailklient, så vil din mailklient slette alle mails. Herefter kan du kun få
   mails tilbage, hvis du første laver restore på din mailklient fra før
   ændringen, og derefter opsætter en ny mailkonto, og så flytter mails over
   manuelt. På en Mac kan du bruge det indbyggede Time Machine program.


HVAD SKETE DER?

Det er vores bedste vurdering, at da servere skulle flyttes fra et datacenter
til et andet og på trods af at maskinerne der blev flyttet var beskyttet af både
firewall og antivirus, så var nogle af maskinerne inficeret inden flytningen,
med en inficering der ikke havde været brugt aktivt i det tidligere datacenter,
og vi havde ikke viden om at der var en inficering.

Under arbejdet med at flytte servere fra det ene datacenter til det andet
datacenter, blev servere der tidligere var på separate netværk, beklageligvis
kablet sådan at de fik adgang til vores interne netværk, der bruges til
administration af alle vores servere.

Via det interne netværk, fik angriberne adgang til helt centrale
administrationssystemer og backupsystemerne.

Via backupsystemet, lykkedes det angriberne at få adgang til:

 * Al storage (data)

 * Replikations backupsystem

 * Sekundært backupsystem

Det lykkedes angriberne at lave en kryptering af alle serveres diske, samt på
primært og sekundært backupsystem, hvorved alle maskiner gik ned og vi mistede
adgang til alt data.


INGEN DATABRUD

The attack occurred by encrypting all disks for all virtual machines, and we
have seen no evidence of a data breach. We have not seen the attackers have had
access to the data content of the machines themselves, but to administration
systems from which they could encrypt entire disks. Very large amounts of data
were encrypted, and we have seen no signs that large amounts of data have been
attempted to be copied out.



We deeply regret the situation and thank the many loyal customers who have been
with us over the years.

Sincerely

CloudNordic

Original text

Rate this translation
Your feedback will be used to help improve Google Translate