UPDATED 20:00 EDT / DECEMBER 05 2019

SECURITY

Data center provider CyrusOne hit by ransomware attack

Data center provider CyrusOne Inc. has suffered a ransomware attack knocking at least some of its customers offline.

The attack, believed to involve a version of the REvil (Sodinokibi) ransomware, according to a report today by ZDNet, took place Dec. 4.

A ransom note sent to the CyrusOne included its name at the top, suggesting that the attack was specifically targeted at the company rather than a random attack. The ransom note did not provide a demand for payment, instead a referral to a website for further information.

CyrusOne has confirmed the attack, saying in a statement that “six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network.” The company also said it’s working with law enforcement on the matter and that its “data center colocation services, including IX and IP Network Services, are not involved in this incident.”

How the attack took place is currently unknown. The Sodinokibi ransomware has been in the news previously this year, used to cripple hundreds of dentist offices in August.

CyrusOne has started to restore affected data.

“The response and remediation from CyrusOne have been excellent given its ability to restore data from backups and respond rapidly to the attack,” Thomas Hatch, co-founder and chief technology officer and at information technology automation software provider SaltStack Inc., told SiliconANGLE. But he said the situation illustrates that that data center and cloud infrastructure-as-a-service providers are just as vulnerable to attacks as other companies.

Hatch added that it’s getting easier for hackers to target specific companies, such as banks, by attacking the underlying cloud infrastructure they use. “This places more emphasis on the need for infrastructure providers to deliver underlying infrastructures that are not only secure but capable of doing what CyrusOne has done — restore ransomed data from backups,” he said.

Oussama El-Hilali, CTO of Arcserve LLC, said CyrusOne has a long road to recovery ahead. “These days, extended downtime can cause irreparable damage to a company’s bottom line,” he said. “Therefore, it’s critical for data center providers to ensure the backups they’re recovering are clean and ransomware-free.”

 

Photo: 5chw4r7z/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.