SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, was hit by ransomware yesterday. The company is the third major web hosting firm this year that went down because hackers breached their network and encrypted data on customer servers.
More on the story here: https://www.
The ransomware attack on SmarterASP illustrates what can happen when third parties suffer a cyberattack. In this case, the websites of all 440,000 of SmarterASP’s customers went offline following the attack, which unquestionably resulted in loss of operations to those customers. Ransomware attacks such as this one demonstrate why it’s not enough for organizations to assess their own systems; they must also assess the risk posed by connecting with third parties.
Ransomware is a mature, well-organized and extremely profitable business today. Its threat actors are divided into different and disciplined groups, each with a particular area of technical expertise. Some are searching for susceptible victims with vulnerable infrastructure, others are launching the attack, while programming teams are continuously perfecting the malware. Payments in Bitcoin and other cryptocurrencies make these gangs virtually immune from prosecution by law enforcement agencies and allow them to operate in factual impunity. We will likely see growing sophistication of these attacks, eventually triggering a soar of paid ransom in absence of better choice to get data back.
Growing complexity of IT infrastructure and clouded visibility of digital assets make effective cyber-defense virtually impossible today, providing attackers with a multitude of entry points from the Internet via abandoned web applications, forgotten test systems, unprotected cloud storage or just business-critical systems with weak passwords. These are perfect starting points to launch ransomware attacks.