- CyrusOne was hit by REvil, and the company is working towards restoration without paying.
- The ransomware actors found their way into six New York-based data centers, affecting an equal number of clients.
- Considering the size and global presence of CyrusOne, the problem could be a lot worse.

CyrusOne, a U.S.-based data center provider, is going through rough times after suffering a successful ransomware attack. ZDNet reports that the firm is currently working with a third party to investigate the incident and bring its systems back to normal operating status, while it has also informed the authorities. As CyrusOne confirmed to ZDNet, six data centers in New York sustained the ransomware attack, which encrypted certain devices in the associated network. IX and IP Network Services were not affected by this incident, though.
The strain that was used is the now-trending “REvil” RaaS, which is also known as “Sodinokibi”. We have seen the same strain causing trouble for various companies and organizations, as well as hundreds of dentist offices across the United States. CyrusOne is still trying to figure out what the point of entry was. According to unnamed sources, the firm is not planning to pay the ransom that was demanded by the actors. Whether or not they are planning to restore from backups is unknown, but I guess that a company of this size and technical expertise is prepared for incidents of this type. As for the outage, the firm has not provided an estimate of when its services will be restored to normal.
Six CyrusOne customers were impacted by this, but we can only confirm FIA Technology, which has circulated messages to its clients. Obviously, there’s a disruption for these six companies, but the situation could be a lot worse if the damage wasn’t contained to the New York-based data centers. CyrusOne services more than a thousand clients and operates 45 data centers around the globe.
As we discussed a week ago, ransomware attacks against service providers, governmental organizations, and companies of all sizes constitute a risk that is here to stay. Firms like CyrusOne should establish stringent protection measures; otherwise, their business could be quickly derailed. Practices like regular patching, code execution prevention, web traffic filtering, and limited use of removable media are key to staying safe against ransomware threats. Malicious actors search for entry points all day long, do so in large numbers, and are extremely persistent. Large firms are lucrative targets for ransomware actors and simply cannot afford to leave a security gap anywhere, not even for a brief moment.