Delaware, USA – November 11, 2019 – On Saturday, cybercriminals attacked SmarterASP.NET, a US hosting provider with 440,000+ customers, and encrypted customer data and the company's systems. The SmarterASP.NET site was unavailable for about a day, the phone line was down, and customers reported that their websites went down. The ransomware appended the .kjhbx extension to encrypted files, and the most likely suspect in this attack is Snatch ransomware, which cannot be decrypted for free at the time of writing. It can be assumed that the hosting provider paid the ransom to get the decryption key, since the announcement on the company’s website states that “We now have a solution to resolve this problem” and “We have recovered 80% of the affected accounts.” Recall that earlier this year, GlobeImposter 2.0 encrypted the servers of another US-based web hosting provider, A2 Hosting. That company decided not to pay the attackers; the recovery dragged on for weeks, and not all of its customers managed to get their data restored from backups.
Another major company affected by a recent ransomware attack is Boardriders, a leading action sports company. Cybercriminals attacked the company at the end of October, and the attack affected not only Boardriders but also some of its subsidiaries, including Billabong and Quiksilver. The company still has not recovered from the cyber attack and is having difficulties with shipping. To detect such attacks at early stages, you can use the Ransomware Hunter rule pack available on Threat Detection Marketplace: https://my.socprime.com/en/integrations/ransomware-hunter-arcsight