CyrusOne falls victim to REvil malware attack impacting six of its managed services customers
CyrusOne
CyrusOne is a real estate investment trust, owning 45 operating data centre facilities in 12 markets, including 10 markets in the United States, as well as London and Singapore. The company has more than 1,000 customers.
Scope of attack
The attack was caused by a version of the REvil ransomware, also known as Sodinokibi, which infected the data centre provider. CyrusOne confirmed the ransomware incident on its investor portal.
The attackers gained access to the network resources at the CyrusOne facility on Wednesday, December 4. They encrypted files belonging to the customers and to CyrusOne and sent a ransom demand to decrypt the files.
“Six of our managed service customers, located primarily in our New York data centre, have experienced availability issues due to a ransomware program encrypting certain devices in their network,” CyrusOne told ZDNet.
“Our data centre colocation services, including IX and IP Network Services, are not involved in this incident. Our investigation is on-going and we are working closely with third-party experts to address this matter,” the company said.
Just a business transaction
The attackers' only objective in targeting CyrusOne is to obtain a ransom. They claimed in the note that they consider the attack nothing more than a business transaction, aimed exclusively at profiting. CyrusOne does not intend to pay the ransom demand, even though it will lose the affected data the cybercriminals claim to have.
What is REvil malware?
REvil is a popular malware used in other high-profile ransomware attacks. The cybersecurity research firm Cybereason Nocturnus dubbed Sodinokibi “the crown prince of ransomware.”
Sodinokibi has been observed being distributed through spear-phishing and weaponised documents.
Similar attacks of REvil malware
This is the same ransomware family that hit several managed service providers in June.
The ransomware also hit more than 23 Texas municipalities in early August and 400+ US dentist offices in late August.
In mid-October, the security firm McAfee tracked REvil bitcoin payments to an account containing 443 bitcoin.
Cybercriminals aim to hit companies at their core, where it hurts most, so that they can expect higher chances of ransom payouts.
“The response and remediation from CyrusOne have been excellent given its ability to restore data from backups and respond rapidly to the attack,” said Thomas Hatch, CTO and Co-Founder at SaltStack.