Six Customers Affected by Ransomware Attack on CyrusOne
One of the largest data center providers in America has become the victim of a ransomware attack.
Texas company CyrusOne confirmed yesterday that an attack involving REvil (Sodinokibi) ransomware had taken place on Wednesday. Customers of the company's New York data center, located in Wappingers Falls, suffered a loss of service as a result of the incident.
A CyrusOne spokesperson said: "Six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network.
"Our data center colocation services, including IX and IP Network Services, are not involved in this incident. Our investigation is ongoing, and we are working closely with third-party experts to address this matter."
The attackers advised CyrusOne that they would decrypt one file encrypted in the ransomware attack as a show of good faith, to demonstrate that the remaining hijacked data would be returned upon receipt of payment.
Exactly how the attackers gained entry to the company's network is currently unknown. The attackers say they have a private key, which they claim is the only way to access the stolen information.
CyrusOne serves thousands of customers across 48 different data centers located around the world. Among its customers are over 200 Fortune 1,000 companies. The company said that it is currently using backups to help its customers recover lost data.
This incident is not the first time that this particular strain of the Sodinokibi ransomware has been a total pain in the coco de mer. REvil was used to attack Oracle's WebLogic server in April of this year, and since then it has also been deployed against more than 400 American dental practices and over 20 Texas municipalities.
Thomas Hatch, CTO and co-founder at SaltStack, commented: "The response and remediation from CyrusOne have been excellent given its ability to restore data from backups and respond rapidly to the attack. However, this situation highlights that data center and IaaS providers are just as vulnerable to attacks as other companies. While IaaS providers generally create very secure infrastructures, there is still the liability that they can be attacked in this manner."
Source: Information Security Magazine