Swiss Cloud, a Switzerland-based cloud hosting provider, suffered a ransomware attack that seriously impacted its server infrastructure. The incident took place on Tuesday, April 27, according to Swiss Cloud’s status page.
The company, which is one of Switzerland’s major hosting providers, said on Friday in an update posted on its website that it’s working to restore affected servers from existing backups.
“After the cyber-attack on April 27, work is proceeding to clean up the systems and restore normal operations at swiss cloud computing ag. The backup systems can be used for recovery. Parts of the complex server network affected by the attack must first be cleaned up individually and reconfigured with the corresponding temporal effects. The work to clean up and restore the servers, for which swiss cloud computing ag is supported by specialists from the system partners of HPE and Microsoft, gives reason to be confident that the systems will be available again in the coming week. The work will also continue on weekends in 24-hour shifts.” reads a statement posted by the company on its website.
More than 6,500 clients affected
While the incident did not affect the company’s entire server infrastructure—spread among different data centers across Switzerland, the disruption has impacted server availability for more than 6,500 customers. One of the most high-profile customers impacted by Swiss Cloud’s outage is Sage, a company that delivers payroll and HR software for German-speaking nations.
However, while the company might be confident regarding the timeline of its recovery plan, similar ransomware attacks have also taken place at other cloud and web hosting providers over the past few years. In most cases, recovery efforts lasted weeks, not days.
This includes incidents at Managed.com, Equinix, CyrusOne, Cognizant, X-Cart, A2 Hosting, SmarterASP.NET, Dataresolution.net, iNSYNQ, and Internet Nayana, just to name the larger attacks.
Web hosting and cloud infrastructure providers are not particularly targeted by the ransomware groups, but once they’re breached, they usually face some of the largest ransom demands. This is because even the smallest downtime they suffer trickles down to all their customers, and providers face immense pressure to restore services from all sides. This pressure is also why some companies choose to pay the ransom demand even if they have backups.