{"id":11827,"date":"2019-11-11T01:19:32","date_gmt":"2019-11-11T00:19:32","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=11827"},"modified":"2021-03-11T22:24:37","modified_gmt":"2021-03-11T21:24:37","slug":"smarterasp-net-von-ramsomware-befallen","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/11\/11\/smarterasp-net-von-ramsomware-befallen\/","title":{"rendered":"SmarterASP.NET hit by Ramsomware"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/11\/11\/smarterasp-net-von-ramsomware-befallen\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The provider SmarterASP.NET with more than 440,000 customers seems probably to be a victim of a cyber attack over the weekend. All servers are said to have been encrypted by Ransomware.&nbsp; <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/76372def7a2d409986a84110fb543b56\" width=\"1\" height=\"1\">The <a href=\"https:\/\/www.smarterasp.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">website of SmarterASP.NET<\/a> is currently available and I did not find any hints on Ransomware on the status page. But on Twitter on November 9, 2019 there were already reports that the websites was down.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"fr\" dir=\"ltr\"><a href=\"https:\/\/t.co\/LNBxt38JqH\">https:\/\/t.co\/LNBxt38JqH<\/a> Outage <a href=\"https:\/\/t.co\/fYPofQMqU2\">https:\/\/t.co\/fYPofQMqU2<\/a><\/p>\n<p>\u2014 US Web Guys (@uswebguys) <a href=\"https:\/\/twitter.com\/uswebguys\/status\/1193265511057936384?ref_src=twsrc%5Etfw\">November 9, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>This tweet was dropped 16 hours ago and reports that the databases are still unavailable.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/t.co\/Tp6cLtJJwo\">https:\/\/t.co\/Tp6cLtJJwo<\/a> databases still offline!! Frustrating! <a href=\"https:\/\/twitter.com\/hashtag\/smarterasp?src=hash&amp;ref_src=twsrc%5Etfw\">#smarterasp<\/a>.net <a href=\"https:\/\/twitter.com\/hashtag\/smarterasp?src=hash&amp;ref_src=twsrc%5Etfw\">#smarterasp<\/a> <a href=\"https:\/\/t.co\/aM2Ui7gWwf\">pic.twitter.com\/aM2Ui7gWwf<\/a><\/p>\n<p>\u2014 Sifiso W. Ndlovu (@mafiswana) <a href=\"https:\/\/twitter.com\/mafiswana\/status\/1193425762931662848?ref_src=twsrc%5Etfw\">November 10, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Catalin Cimpanu points in the following tweet to the Ransomware infestation in which all servers were encrypted. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/t.co\/TL0EGnrA7r\">https:\/\/t.co\/TL0EGnrA7r<\/a>, a company with more than 440,000 customers, had all its servers encrypted by ransomware over the weekend<a href=\"https:\/\/t.co\/tuDy4bzSbv\">https:\/\/t.co\/tuDy4bzSbv<\/a> <a href=\"https:\/\/t.co\/aeG7CCsXaa\">pic.twitter.com\/aeG7CCsXaa<\/a><\/p>\n<p>\u2014 Catalin Cimpanu (@campuscodi) <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1193557806420578304?ref_src=twsrc%5Etfw\">November 10, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>This is the third major web hosting company (after A2 in May and iNSYNQ in June) to be hit by a ransomware attack this year. Hackers have succeeded in penetrating the hosters' network and encrypting the data on customer servers. According to Catalin Cimpanu, the company is working to restore customers' servers. It is unclear whether the company has paid the ransom or whether it is restoring from backups.<\/p>\n<p>Telephone inquiries are probably not possible because their telephone system may have collapsed due to the number of support inquiries. At this point it gets strange: Catalin Cimpanu writes in <a href=\"https:\/\/www.zdnet.com\/article\/major-asp-net-hosting-provider-infected-by-ransomware\/\" target=\"_blank\" rel=\"noopener noreferrer\">the ZDNet article<\/a> that the hoster confirmed the attack. On the support page you could find the following text:<\/p>\n<blockquote>\n<p>Your hosting account was under attack and hackers have encrypted all your data, We are now working with security experts to try to decrypt your data and also to make sure this would never happen again.<\/p>\n<\/blockquote>\n<p>But if you go to the hoster's status page, the last entry is from June 1, 2019, so it looks like the status information quoted by Catalin Cimpanu has been deleted. Addendum: I just found this tweet:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I did just get this email from <a href=\"https:\/\/twitter.com\/hashtag\/smartasp?src=hash&amp;ref_src=twsrc%5Etfw\">#smartasp<\/a>. The first since all of this began. <a href=\"https:\/\/t.co\/opYDRRg6Au\">pic.twitter.com\/opYDRRg6Au<\/a><\/p>\n<p>\u2014 YnotParking (@YnotParking) <a href=\"https:\/\/twitter.com\/YnotParking\/status\/1193663018858618882?ref_src=twsrc%5Etfw\">November 10, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>  <\/p>\n<p>A user received an e-mail, where the attack has been confirmed. According to the ZDNet article, the attack not only affected customer data on the servers, but also SmarterASP.NET itself. According to ZDNET, the company's website was unavailable all day on Saturday. In the meantime, however, the website has been available again since Sunday morning. <\/p>\n<p>Some users use SmarterASP.NET as a backup for their data. This data should now be encrypted. In the article screenshots of files are posted, which should occupy the encryption.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The provider SmarterASP.NET with more than 440,000 customers seems probably to be a victim of a cyber attack over the weekend. All servers are said to have been encrypted by Ransomware.&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[243,69],"class_list":["post-11827","post","type-post","status-publish","format-standard","hentry","category-security","tag-ransomware","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=11827"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11827\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=11827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=11827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=11827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}