Swiss Cloud becomes the latest web hosting provider to suffer a ransomware attack
Catalin Cimpanu May 1, 2021


Swiss Cloud, a Switzerland-based cloud hosting provider, suffered a ransomware attack this week that brought the company’s server infrastructure to its knees.

The incident took place on Tuesday, April 27, according to Swiss Cloud’s status page.

The company, which is one of Switzerland’s largest hosting providers, said on Friday in an update posted on its website [PDF] that it’s working to restore affected servers from existing backups.

The process is expected to take at least a few days. Swiss Cloud said its staff is working in 24-hour shifts, including over the weekend, to restore services as early as next week.

Experts from HPE and Microsoft are also helping with the process, the company said.

It is currently unknown which ransomware gang targeted Swiss Cloud or how large its ransom demand is. A Swiss Cloud spokesperson did not return a request for comment.

More than 6,500 customers affected

While the incident did not impact the company’s entire server infrastructure—spread among different data centers across Switzerland—the disruption has impacted server availability for more than 6,500 customers.

One of the most high-profile customers impacted by Swiss Cloud’s outage is Sage, a company that provides payroll and HR software for German-speaking countries.

However, while the company might be optimistic about the timeline of its recovery plan, similar ransomware attacks have also taken place at other cloud and web hosting providers over the past few years. In most cases, recovery efforts lasted weeks, not days.

This includes incidents at Managed.com, Equinix, CyrusOne, Cognizant, X-Cart, A2 Hosting, SmarterASP.NET, Dataresolution.net, iNSYNQ, and Internet Nayana, just to name the larger attacks.

Web hosting and cloud infrastructure providers are not common targets of ransomware groups, but once they’re breached, they usually face some of the largest ransom demands.

This is because even the smallest downtime they suffer trickles down to all their customers, and providers face immense pressure to restore services from all sides. This pressure is also why some companies choose to pay the ransom demand even if they have backups.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.