Cyber Incident Victim: No Support Linux Hosting

On February 8, 2021, No Support Linux Hosting (NSLH) suffered a cyberattack that compromised its entire operational infrastructure, including its official website, administrative systems, and customer database. The company publicly announced its immediate shutdown on February 9, stating it could no longer continue business operations due to the severity of the breach. NSLH directed all customers to download backups of their websites and databases through cPanel without delay, though the company did not clarify whether these backups remained unaffected by the attack. No technical details about the intrusion vector or attacker methodology were disclosed, and NSLH representatives did not respond to media inquiries seeking clarification about the incident’s scope. The attack’s destructive nature rendered NSLH’s services inoperable, forcing the permanent cessation of operations.

The incident shared circumstantial similarities with contemporaneous attacks against two UK-based hosting providers, SapphireSecure.net and KS-Hosting.com, which supported IPTV services for pirate streaming sites. In those cases, attackers threatened to leak customer databases to law enforcement and copyright agencies unless a 2 BTC (~$92,000) ransom was paid, while alternatively offering permanent shutdown as a means to avoid data exposure or financial payment. Though no explicit ransom demand or data leakage threat was confirmed in the NSLH incident, the parallel shutdown ultimatum and targeting of hosting infrastructure raised questions about potential tactical overlaps. NSLH did not disclose whether customer data was exfiltrated, deleted, or encrypted, leaving the attack’s exact mechanism—whether data destruction, ransomware encryption, or another method—unverified by independent analysis. The company’s abrupt termination eliminated any possibility of forensic recovery or restoration of services for affected clients.