No Support Linux Hosting (NSLH), a UK-based web hosting company, announced on February 9 it was shutting down after a hacker breached its systems.
Two other web hosting providers from the UK also suffered similar attacks this weekend, and the three attacks may be related.
According to a message that was posted on the NSLH’s website, now taken down, the website was breached on Monday, February 8. The hacker compromised the company’s entire operation, including the admin section and customer database.
“We can no longer operate the No Support Linux Hosting business. All customers should immediately download backups of their websites and databases through cPanel,” NSLH said, urging clients to urgently save their data locally before servers go down for good.
At the time of writing, there are few details about the nature of the attack. It is unknown whether the hacker wiped the company’s database and backups or whether it was a classic ransomware attack involving encryption of files and a ransom.
But there seems to be more to this story.
On February 9, TorrentFreak, a blog on digital rights and piracy, reported that two other UK-based hosting companies – SapphireSecure.net and KS-Hosting.com – fell victims to similar hacks.
Because these companies provide IPTV services to pirate streaming sites, the attacker threatened to disclose the personal information of the owners and share their customer databases with the police and copyright protection agencies unless the website owners paid a ransom of 2 BTC.
What connects these attacks with the one on NSLH is that the hacker also gave the two companies an option to shut down for good if they couldn’t pay the ransom.
Since all three hacks happened within a short time frame and with similar demands, we think the breaches can be attributed to one same threat actor.