Cyber Incident Victim: Namebay
Date:
Sep 2024
Location:
France
Summary
A ransomware attack disrupted the victim's services, including hosted email, hosting, and API functionality. Emergency response measures involved investigations by internal security teams, CERT specialists, and cybersecurity experts, alongside DNS infrastructure hardening and deployment of a temporary secure email system. While DNS services were restored and stabilized, full service recovery remains ongoing with prioritized email reactivation via a dedicated support channel. The organization is investigating potential data exfiltration but has not yet confirmed evidence of such activity or provided a restoration timeline. Customer communications emphasize processing delays due to high request volumes and continued mobilization of technical teams to resolve the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Namebay experienced a ransomware cyberattack on September 21, 2024, causing significant service disruptions. The attack immediately impacted hosted email services, general hosting infrastructure, and API functionality, though the company did not specify which other systems were compromised. Namebay's security teams, supported by a CERT (Computer Emergency Response Team), external cybersecurity experts, and an internal crisis unit, initiated investigations to assess the attack's scope and implement recovery measures. Concurrently, the company faced a DNS incident attributed to a provider issue, which required server restart requests and DNS infrastructure security enhancements. While the DNS system was later reported as restored and stabilized, reinforcement measures remained ongoing. Namebay activated an emergency security protocol to establish a fully secure, autonomous environment for service recovery, prioritizing the creation of an alternative email infrastructure. Customers were instructed to manually activate this temporary email solution by contacting [email protected] with their client ID, domain name, and affected mailboxes—a process delayed by high demand and requiring weekend staffing reinforcements.
The company acknowledged unresolved service outages with no estimated restoration timeline, though DNS functionality had resumed. Investigations continued into potential data exfiltration, with promises of updates if evidence emerged. Namebay maintained customer communication via its website, apologizing for inconveniences and emphasizing its focus on reliable service restoration. No ransomware group, payment demands, or data compromise specifics were disclosed. Operational priorities included industrializing temporary email deployment processes and completing DNS security upgrades while forensic work progressed. Customers experienced prolonged email service disruption, needing manual intervention to access the alternative system, which Namebay described as transitional pending full recovery. The crisis team remained active, but the article concluded without confirming full service restoration or providing additional attack details beyond the confirmed ransomware vector and ongoing infrastructure hardening efforts.