SmarterASP.NET[1], an ASP.NET hosting provider with more than 440,000 customers, was hit yesterday by ransomware.
The company is the third major web hosting firm this year that went down because hackers breached their network and encrypted data on customer servers.
At the time of writing, SmarterASP.NET said it's working to restore customers' servers. It is unclear if the company paid the ransom demand, or is restoring from backups.
A phone call to SmarterASP.NET was not returned. The company's phone line was down, citing an influx of calls. In a status message posted on its website, the company admitted to the hack.
"Your hosting account was under attack and hackers have encrypted all your data," the message said[2]. "We are now working with security experts to try to decrypt your data and also to make sure this would never happen again."
Attack happened on Saturday
The attack didn't just hit customer data, but also SmarterASP.NET itself. The company's website was down all day on Saturday, coming back online earlier today on Sunday morning.
Server recovery efforts are going slow. Many customers still don't have access to their accounts and data. Those who do say their data is still encrypted, including website files but also backend databases.
While most users where using SmarterASP.NET for hosting ASP.NET sites, some were using the company's serves as app backends, where they were synchronizing or backing up important data. The fact that backend databases have also been hit, and not just public-facing web servers, has prevented many from moving impacted services to alternative IT infrastructure.
According to screenshots posted on Twitter, all customer files have been encrypted by a ransomware strain that appends the ".kjhbx" file extension to each file it encrypts. ZDNet is still working