SmarterASP.NET is Struck by Ransomware Which Encrypted Client Data

  • An unidentified ransomware strain has hit SmarterASP.NET on Saturday, and the service is still recovering.
  • The company says that about 40% of the affected clients have gotten their websites back already.
  • Customers are urged to refrain from sending emails and to monitor the firm’s social media instead.

SmarterASP.NET has published an official announcement informing its customers of a ransomware attack that was successful. As a result, all client data has been encrypted now, and security experts are working together with the IT team of the web hosting services provider to decrypt it. At the same time, the firm is also trying to implement security measures, to prevent this from happening again in the future. As they also clarify, they are currently receiving thousands of email messages from worried clients, so it is impossible to answer them all immediately. Those who want to stay informed about the status of the web hosting services should be keeping an eye on the SmarterASP.ET Facebook, or Twitter.

We are optimistic that everything will be back to normal no longer than 12-24hours. We will not go home until everyone is taken care of.
Thank you once more for your patience.

— Smarterasp (@smarterasp) November 11, 2019

As the company brings some servers back online, some customers may have already gotten back their sites, while others could wait for another 24 hours before they are ready to get back to business. The latest update, which came about 15 minutes before we published this, SmarterASP.NET has already managed to recover 40% of the affected accounts. We can’t tell what this percentage corresponds to, but it sounds promising at least.

The attack unfolded during the weekend, and the SmarterASP.NET website became inaccessible throughout Saturday. This was when the first complaints started popping up on social media, wrongfully accusing the firm of trying to downplay or even hide the incident by not providing any official statements. Obviously, the web hosting provider was still investigating and also busy responding to the attack. The clients who managed to access their website files and backend databases were shocked to find that everything had been encrypted, with all files carrying the “.kjhbx” extension. At this time, we’re unsure about the type of ransomware that results in this extension.

source: ZDNet

This means that we also don’t know if SmarterASP.NET is using a decrypter, has paid the ransom, or is restoring the client data from backups. ZDNet has sourced screenshots from some of the firm’s clients, which depict the above ransom note. The actors promise a speedy recovery of the files and advise the admins not to restart the NAS equipment and not to rename the encrypted files, as either would result in the permanent and irreversible loss of the files. The actor is also offering to decrypt three files for free, as proof of his/her ability to recover the files.

Have something to comment on the above? Feel free to do it in the comments down below, or on our socials, on Facebook and Twitter.