Data center provider CyrusOne hit with REvil ransomware: Report
One day after news broke that data center provider CyrusOne was reportedly hit with a combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware, the company issued a statement confirming the incident.

Initially, CyrusOne did not release any details, but ZDNet reported the attack took place on December 4. A screenshot of the ransom note indicated that all the files were locked and that the threat actors would decrypt one file for free as a show of good faith that payment would result in all the files being unlocked.

In a statement posted on December 5, the company said its managed service division was working to resolve availability issues affecting six managed service customers, caused by a ransomware program encrypting certain devices. The customers are primarily serviced by CyrusOne’s New York Data Center.

"CyrusOne’s data center colocation services, including IX and IP Network Services, are not involved in this incident," the company said.

Tripwire’s Graham Cluley noted that historically REvil has been distributed through malicious email campaigns using spearphishing and boobytrapped documents, by compromising RDP, and through exploit kits.

Over the last year Sodinokibi has been used in several attacks and may have been created by the developers who were behind GandCrab.