Threat Watch

Netgain Hosting Provider Forced to Take Down Data Centers After Ransomware

Netgain, a cloud hosting and IT service provider, was forced to take its data centers offline after suffering a ransomware attack in November. Netgain contacted its customers through a series of emails stating that on November 24th, 2020, it became the victim of a ransomware attack that affected its data centers, but it did not state which type of ransomware was involved. Netgain originally tried to isolate the attack through its incident response, but in a later email to clients it stated that it was shutting down its data centers to contain the attack. On December 8th, 2020, a Netgain client that depends on its cloud services to host office management software for optometrists released a statement updating its own clients about the Netgain incident. The update stated that Netgain's systems were still offline and that over 60 people were working around the clock to rebuild the servers, but that there was no estimate or timeline for when the data centers would be back up and running.

ANALYST NOTES

Data centers host information for a lot of different companies. This attack on the data center did not only affect Netgain but is affecting all of its clients as well. At the time of writing, Bleeping Computer had tried to reach out to Netgain multiple times but was not successful in getting a response. There are a lot of unknowns in this case, including how the infection started and what type of ransomware it was. If the attack follows the pattern of most recent ransomware incidents, it is possible that data was stolen from the servers prior to encryption, and if Netgain does not pay the ransom, the threat actors will begin to post that data online. If this is the case, the data posted will contain more than just Netgain’s data, which would be problematic for its clients.

Companies that rely on cloud hosting providers should strongly consider encrypting the data that is stored on the cloud servers using a key that the hosting provider does not have. That way, if the hosting provider suffers a breach, the client data stored on the servers will not be at risk of exposure. With ransomware attacks becoming so prolific, companies should take precautions such as backing up files and implementing disaster recovery preparation. In this case, the best way to protect companies would be to have data stored at two separate data centers, so that if one goes down, companies can still operate by using their backup data center.

More can be read here: https://www.bleepingcomputer.com/news/security/ransomware-forces-hosting-provider-netgain-to-take-down-data-centers/