UPDATED 20:00 EST / DECEMBER 05 2019

SECURITY

Data center provider CyrusOne hit by ransomware attack

Data center provider CyrusOne Inc. has suffered a ransomware attack knocking at least some of its customers offline.

The attack, believed to involve a version of the REvil (Sodinokibi) ransomware, according to a report today by ZDNet, took place Dec. 4.

A ransom note sent to the CyrusOne included its name at the top, suggesting that the attack was specifically targeted at the company rather than a random attack. The ransom note did not provide a demand for payment, instead a referral to a website for further information.

CyrusOne has confirmed the attack, saying in a statement that “six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network.” The company also said it’s working with law enforcement on the matter and that its “data center colocation services, including IX and IP Network Services, are not involved in this incident.”

How the attack took place is currently unknown. The Sodinokibi ransomware has been in the news previously this year, used to cripple hundreds of dentist offices in August.

CyrusOne has started to restore affected data.

“The response and remediation from CyrusOne have been excellent given its ability to restore data from backups and respond rapidly to the attack,” Thomas Hatch, co-founder and chief technology officer and at information technology automation software provider SaltStack Inc., told SiliconANGLE. But he said the situation illustrates that that data center and cloud infrastructure-as-a-service providers are just as vulnerable to attacks as other companies.

Hatch added that it’s getting easier for hackers to target specific companies, such as banks, by attacking the underlying cloud infrastructure they use. “This places more emphasis on the need for infrastructure providers to deliver underlying infrastructures that are not only secure but capable of doing what CyrusOne has done — restore ransomed data from backups,” he said.

Oussama El-Hilali, CTO of Arcserve LLC, said CyrusOne has a long road to recovery ahead. “These days, extended downtime can cause irreparable damage to a company’s bottom line,” he said. “Therefore, it’s critical for data center providers to ensure the backups they’re recovering are clean and ransomware-free.”

 

Photo: 5chw4r7z/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU