25 August 2023

CloudNordic Attack: 3 Key Takeaways for Bulletproof Data Defense

A recent ransomware attack on the large Danish cloud provider, CloudNordic, has resulted in catastrophic data loss for its customers. In a grim online notice, CloudNordic admitted that the ransomware attack rendered them entirely paralyzed. The aftermath? The majority of their customers should consider their data permanently lost. Such devastating events remind us of the growing audacity of cybercriminals and the vulnerabilities inherent in even the most trusted of IT setups.

The infiltration occurred in the early hours of August 18th, 2023. The criminals, in a calculated move, shut down CloudNordic’s systems, erasing both the company’s and its customers’ websites and email platforms. Efforts to restore the data proved futile, as both production data and backups were compromised. Though it might provide some solace, CloudNordic clarified that they found no evidence of any data exfiltration before the encryption. They speculated that the breach occurred while servers were transitioning between data centres. Some of the servers were already infected, and during the transition they were all linked to CloudNordic’s internal network, granting the hackers all-access.

Given this sobering incident, how can companies who use the cloud to store business data prevent falling prey to similar attacks?

  1. Segregated Backup: CloudNordic’s transfer process inadvertently connected their servers to one internal network, which then led to the breach. Ensure that different components of your IT environment (like production, backup, and administrative systems) all use isolated networks, separate access controls, and distinct cloud storage accounts. This will ensure backup data remains untouched even if production data is compromised in the cloud.
  2. Multi-layered Backup Strategy: CloudNordic’s backups were compromised along with the production data. This can be avoided if companies follow the 3-2-1 rule: keep three copies of your data, on two different mediums, with one stored offsite. Moreover, offline or air-gapped backups can prevent ransomware from accessing and encrypting backup data.
  3. Regular Security Audits & Recovery Assurance Testing: Using tools such as Predatar to deliver automated security checks across backups can identify vulnerabilities before they’re exploited. In addition, continual automated restore testing and malware scanning provide assurance that, in the event of an attack, your organisation can efficiently restore from backups.
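The first two takeaways can be checked mechanically against a backup inventory. The following is an added example, not code from this article or from Predatar: it audits an inventory for the 3-2-1 rule and for backups that share a network or storage account with production. The `Copy` fields, the `audit` function and both sample inventories are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Copy:
    name: str
    medium: str            # e.g. "disk", "object-storage", "tape"
    site: str              # physical location or provider region
    network: str = ""      # network segment the copy is reachable from
    account: str = ""      # storage account / credential domain
    offline: bool = False  # air-gapped: not reachable from any network

def audit(production: Copy, backups: list[Copy]) -> list[str]:
    """Return findings for 3-2-1 and segregation gaps; empty list means pass."""
    findings = []
    copies = [production, *backups]
    # 3-2-1: three copies, two different media, one stored offsite.
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies of the data (need 3)")
    if len({c.medium for c in copies}) < 2:
        findings.append("all copies are on the same medium (need 2)")
    if not any(b.site != production.site for b in backups):
        findings.append("no backup is stored offsite")
    # Segregation: an online backup must not share production's network or account,
    # otherwise whoever compromises production can reach the backup too.
    for b in backups:
        if b.offline:
            continue
        if b.network == production.network:
            findings.append(f"{b.name}: shares network '{b.network}' with production")
        if b.account == production.account:
            findings.append(f"{b.name}: shares account '{b.account}' with production")
    if not any(b.offline for b in backups):
        findings.append("no offline or air-gapped copy")
    return findings

# Constructed sample inventories (not a description of any real provider's setup).
PROD = Copy("prod", "disk", "dc1", network="internal", account="main")
FLAT = [Copy("snapshots", "disk", "dc1", network="internal", account="main")]
SEGREGATED = [
    Copy("replica", "object-storage", "dc2", network="backup-net", account="backup"),
    Copy("vault-tape", "tape", "vault", offline=True),
]

if __name__ == "__main__":
    for label, inventory in (("flat", FLAT), ("segregated", SEGREGATED)):
        print(label, audit(PROD, inventory) or "OK")
```
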

In conclusion, while CloudNordic is now offering a method for their clients to re-establish web and email servers (sans data), it’s a stark reminder that proactive measures are infinitely preferable to reactive solutions. In the rapidly evolving cyber landscape, relying solely on standard backups from a cloud provider can be perilous. Such backups, while convenient, often exist within the same ecosystem as primary data, making them vulnerable to the same threats. Cyberattacks, like ransomware, can simultaneously target both primary and backup data if they’re co-located. Additionally, cloud outages or provider-centric issues could jeopardise both datasets. For optimal security, diversified backup strategies, incorporating offsite and offline measures, are crucial. Simply put, a holistic approach to backups transcends mere convenience—it’s a necessity for robust data protection.

Book a demo here and find out how Predatar and IBM can help your business secure its cloud data.
