On Sept. 2, cloud hosting provider Cloudnine Real Time experienced a ransomware attack that ultimately compromised the data of 30 percent of its accounting firm customers in California and Texas.
By 9 AM (PST) that day, the Cloudnine support team had received reports from several clients of a lag time in accessing the Cloudnine environment, according to an incident report sent to its clients. The Cloudnine team deployed personnel to these locations to troubleshoot, and quickly learned that the network had been accessed by an unauthorized, outside party. Cloudnine immediately deployed its emergency response actions to secure the network. All client servers were taken offline, affecting 100 percent of Cloudnine’s customers. By 6 AM PST on Sept. 4, unauthorized access to the network was successfully revoked.
Once the network was back up and running, the 30 percent of clients whose data had been compromised found that much of their data was inaccessible. This is when Cloudnine realized the attack was of the ransomware variety. Hackers hold an entity or individual’s data for a price — i.e., a ransom.
Ransomware works by dropping a script into a victim’s computer system that encrypts files to make them inaccessible. Once a victim pays the ransom, the cybercriminal may give them a key to unlock those files and regain access to the data, but there is never a guarantee that the key will be given. The good news is that no files or data are extracted and viewed by the hackers, so firm clients are not at risk for identity theft.
Alessandra Lezama, CEO of Abacus Next, which acquired Cloudnine in February, said that her security team was successful in restoring the data of its California clients from backups. Once their data was restored, they were 100 percent operational within the week.
However, restoration proved more difficult in Texas. Lezama explained that for the Texas clients, the backups had been compromised as well, because the backup data had synchronized with the corrupted files. But Cloudnine clients are obligated to back up their own data as well, as a sort of third-level security measure, so most of those clients were able to restore their files and return to normal operations within the week.
A minority of Texas clients, though, had not backed up their files recently enough, and for them restoration was more difficult. Cloudnine took responsibility for that data and worked to mine it from the corrupted files on Cloudnine’s servers. By late Friday, Sept. 6, Cloudnine had completed a full restoration for all clients, including the outstanding clients in Texas, according to Lezama.
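The Texas backup failure described above comes down to backup design: a backup that mirrors the live file share on each sync inherits whatever the share contains, so once the files were corrupted the next sync overwrote the only good copy. The following Python is an added illustration and is not part of the article nor Cloudnine’s or Abacus Next’s code; the file names, contents and both backup classes are constructed for the demonstration, and the “corruption” step simply replaces file contents with random bytes (no encryption is performed). It contrasts a mirror-style backup with a versioned backup that keeps earlier snapshots, and includes a simple pre-sync check that flags a sync in which nearly every file changed at once.

```python
"""Added example (not from the article): mirror-sync backups inherit ransomware
damage; versioned snapshots do not. Everything here is constructed sample data."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Content hash used to decide whether a restored file matches the known-good copy."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


class MirrorBackup:
    """Hypothetical mirror backup: one copy, overwritten on every sync, no history."""

    def __init__(self, dest):
        self.dest = dest

    def sync(self, source):
        for f in source.iterdir():
            (self.dest / f.name).write_bytes(f.read_bytes())

    def restore(self, target):
        for f in self.dest.iterdir():
            (target / f.name).write_bytes(f.read_bytes())


class VersionedBackup:
    """Hypothetical versioned backup: each sync lands in its own snapshot directory
    that is never overwritten, with a per-snapshot manifest of file hashes."""

    def __init__(self, dest):
        self.dest = dest
        self.snapshots = []
        self.manifests = []

    def sync(self, source):
        snap = self.dest / f"snap-{len(self.snapshots):03d}"
        snap.mkdir()
        manifest = {}
        for f in source.iterdir():
            (snap / f.name).write_bytes(f.read_bytes())
            manifest[f.name] = sha256_of(f)
        self.snapshots.append(snap)
        self.manifests.append(manifest)

    def restore(self, target, version):
        for f in self.snapshots[version].iterdir():
            (target / f.name).write_bytes(f.read_bytes())


def corrupt_share(share):
    # Stand-in for the incident: every file's contents are replaced with random
    # bytes. No cipher is involved; the point is only that the originals are gone.
    for f in share.iterdir():
        f.write_bytes(os.urandom(64))


def fraction_changed(before, after):
    """Share of files whose hash differs between two manifests. A sudden jump
    toward 1.0 is a cheap signal that a scheduled sync should be held for review
    rather than allowed to overwrite the backup."""
    if not before:
        return 0.0
    return sum(1 for n, h in before.items() if after.get(n) != h) / len(before)


def run_scenario():
    """Runs the whole sequence in a temp dir and reports which restore succeeded."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        share, mirror_dir, versioned_dir = root / "share", root / "mirror", root / "versioned"
        for d in (share, mirror_dir, versioned_dir):
            d.mkdir()
        # Constructed client files standing in for an accounting firm's data.
        for name in ("ledger.csv", "payroll.xlsx", "returns.pdf"):
            (share / name).write_bytes(f"good contents of {name}".encode())
        good = {f.name: sha256_of(f) for f in share.iterdir()}

        mirror, versioned = MirrorBackup(mirror_dir), VersionedBackup(versioned_dir)
        mirror.sync(share)
        versioned.sync(share)

        corrupt_share(share)
        after = {f.name: sha256_of(f) for f in share.iterdir()}
        changed = fraction_changed(good, after)

        # The scheduled sync runs anyway: the mirror is overwritten with bad data,
        # while the versioned store merely gains a second (bad) snapshot.
        mirror.sync(share)
        versioned.sync(share)

        restored_m = root / "restore_mirror"
        restored_m.mkdir()
        mirror.restore(restored_m)
        restored_v = root / "restore_versioned"
        restored_v.mkdir()
        versioned.restore(restored_v, version=0)

        return {
            "changed_fraction_at_sync": changed,
            "mirror_restore_ok": {f.name: sha256_of(f) for f in restored_m.iterdir()} == good,
            "versioned_restore_ok": {f.name: sha256_of(f) for f in restored_v.iterdir()} == good,
        }


if __name__ == "__main__":
    print(run_scenario())
```

Running the scenario shows the mirror restore yielding only the corrupted copies while the versioned restore from snapshot 0 returns every file with its original hash; the change-fraction check reads 1.0 at the moment of the bad sync, which is the kind of signal that would justify pausing replication. This is also why the article’s “third-level” client-held backups mattered: an independent copy that is not synchronized from the compromised share is the one that survives.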
“We take security very, very seriously,” Lezama said. “One of the key components of the acquisition of Cloudnine was to enhance and bring up to snuff the Cloudnine network, which is not the latest and greatest of technology like the Abacus Next network is.”
Lezama went on to explain that Cloudnine offers a “value proposition” to its clients, describing its platform as one for hosting and providing access to remote apps.
“On the Abacus Next side of the house, we’ve built private cloud environments from the ground up with fragmentation and engineering design, and security, and a business continuity element, which is a much higher end platform than simply providing remote access for apps,” Lezama added. “We have done a tremendous amount of work in the last three to four months to upgrade and start the re-engineering of the Cloudnine network. Had that not been the case, then the magnitude of the incident would have been much greater.”