SmarterASP.NET, an ASP.NET hosting provider with more than 440,000 customers, was hit yesterday by ransomware.
The company is the third major web hosting firm this year that went down because hackers breached their network and encrypted data on customer servers.
At the time of writing, SmarterASP.NET said it's working to restore customers' servers. It is unclear if the company paid the ransom demand, or is restoring from backups.
A phone call to SmarterASP.NET was not returned. The company's phone line was down, citing an influx of calls. In a status message posted on its website, the company admitted to the hack.
"Your hosting account was under attack and hackers have encrypted all your data," the message said. "We are now working with security experts to try to decrypt your data and also to make sure this would never happen again."
Attack happened on Saturday
The attack didn't just hit customer data, but also SmarterASP.NET itself. The company's website was down all day on Saturday, coming back online earlier today on Sunday morning.
Server recovery efforts are going slow. Many customers still don't have access to their accounts and data. Those who do say their data is still encrypted, including website files but also backend databases.
While most users where using SmarterASP.NET for hosting ASP.NET sites, some were using the company's serves as app backends, where they were synchronizing or backing up important data. The fact that backend databases have also been hit, and not just public-facing web servers, has prevented many from moving impacted services to alternative IT infrastructure.
According to screenshots posted on Twitter, all customer files have been encrypted by a version of the Snatch ransomware that encrypts files with a ".kjhbx" file extension.
SmarterASP.NET is the third hosting provider that was hit this year. The first was A2 Hosting in May. A2, a well-known provider of Windows Servers, had servers in Asia and North America encrypted by a version of the GlobeImposter 2.0 ransomware strain.