What will a service provider do when ransomware attack wipes off all its data


Recently, there has been notable attention drawn to the announcement issued by CloudNordic, an Enterprise Hosting Provider. The statement acknowledges a distressing incident in which a ransomware group successfully compromised their systems, resulting in the complete loss of all customer data. Shockingly, this attack extended to the backup database as well, leaving the Danish service provider in a state of helplessness.

The gravity of the situation becomes evident as not only the primary data but also the secondary backups have been rendered irretrievable due to the attack. This raises significant questions about how affected customers can navigate their recovery process and whether they are entitled to any form of financial reparation.

Navigating the path to recovery is currently complex, largely contingent upon the contractual arrangements established between CloudNordic and its clients prior to project initiation. It is important to recognize that Cloud Service Providers (CSPs) commonly implement comprehensive data protection strategies. This often involves maintaining redundant copies of data both onsite and offsite. In certain cases, adherence to compliance regulations and best practices leads CSPs to uphold three distinct backup copies across diverse geographic locations.

Considering this, it is conceivable that CloudNordic might still be able to salvage data through its business continuity plans or its most recent archive. However, in instances where the predicament becomes exceptionally intricate, data recovery might prove unattainable. In such cases, legal provisions and obligations outlined in the pre-existing agreements would come into play, necessitating the company to provide compensatory measures to affected customers.

This situation presents a substantial setback, particularly for enterprises that have entrusted their critical data to the custody of Cloud Service Providers. The repercussions are especially dire for those whose operational continuity hinges on this data. Consequently, it is prudent for all stakeholders involved – both the CSP and the customers who have relied upon their services – to engage in a legal discourse. Collaboratively forging a resolution that addresses the concerns of both parties becomes imperative during these trying times.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display