A major US data center shaken by ransomware attack

  • This ransomware family has hit several MSPs lately, over 20 Texas local governments in early August, and 400+ US dentist offices in late August.
  • The company is helping customers restore impacted systems.

With cybercriminals using increasingly sophisticated techniques, it has become more challenging than ever to shrink attack surfaces and deny malware the uniformity it needs to propagate.

Recently, one of the biggest data center providers in the US suffered a ransomware attack.

What happened?

Yet another version of REvil (also known as SODINOKIBI) ransomware managed to infiltrate the networks of CyrusOne. The point of entry is currently unknown.

A CyrusOne spokesperson has confirmed the incident to ZDNet and said that an investigation is in progress. Meanwhile, the company is helping customers restore impacted systems.

"Six of our managed service customers, located primarily in our New York data center, have experienced availability issues due to a ransomware program encrypting certain devices in their network," CyrusOne told ZDNet.

"Our data center colocation services, including IX and IP Network Services, are not involved in this incident. Our investigation is on-going and we are working closely with third-party experts to address this matter," the company said.

The impact

As revealed by ZDNet, this is the same ransomware family that hit several MSPs in June, over 20 Texas local governments in early August, and 400+ US dentist offices in late August.

The ransomware attack caused an outage for FIA Tech cloud services; FIA Tech is one of the six impacted customers of the data center firm.

Without naming the data center, FIA Tech alerted its customers about the breach and said: "the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider."

However, a quick search revealed that it was referring to the CyrusOne data center.

What now?

CyrusOne does not intend to pay the ransom demand. If it does not pay, it will purportedly lose the affected data, as the cybercriminals claim to have the private key.

The company presently owns 45 data centers in Europe, Asia, and the Americas, and has more than 1,000 customers.