Skip to main content
close search
site logo
Dive Brief

CyrusOne hit by REvil ransomware, impacting 6 managed service customers

Published Dec. 5, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Michael Geiger for Unsplash

Dive Brief:

  • Six of CyrusOne's managed service customers, primarily in its New York data center, experienced availability issues following a ransomware attack, a CyrusOne spokesperson told CIO Dive in an email. Some of the devices in the customers' network were encrypted by the attack. 
  • An investigation is underway with law enforcement support. "Our data center colocation services, including IX and IP Network Services, are not involved in this incident. Our investigation is on-going and we are working closely with third-party experts to address this matter," according to the company. 
  • First reported by ZDNet, the strain was a version of REvil (Sodinokibi), which has connections to the ransomware attacks on more than 23 Texas municipalities and 400 U.S. dentist offices.

Dive Insight:

The REvil ransomware family is having a busy year. It was detected at the end of April, according to McAfee

"Overall the code is very well written and designed to execute quickly to encrypt the defined files in the configuration of the ransomware," according to McAfee research. The malware attempts to "get all functions needed in runtime and make a dynamic IAT to try obfuscating the Windows call in a static analysis." 

In August, local Texas governments were hit by "coordinated ransomware" attack causing the state to declare a state of emergency. By September, Texas had restored business-critical services after the REvil attack. 

The ransomware hitting dentist offices was part of a larger trend for the year. Since Oct. 1, there were at least 15 recorded ransomware attacks on U.S. healthcare networks, municipalities, school districts, police departments and employment agency offices, according to research from Armor.   

In November, Louisiana Governor John Bel Edwards disclosed a ransomware attack "similar to the ransomware targeted at local school districts and government entities" over the summer, he said in a tweet

In an "abundance of caution," Louisana's Office of Technology Services disabled state servers, which temporarily disrupted state agencies' email, websites and online applications, said Bel Edwards. The service interruption was due to the state's proactive safety precautions to prevent the ransomware from spreading. 

A total of 13 managed service providers or cloud-based service providers were hit by ransomware so far this year, according to Amor. In its note, CyrusOne's hackers said "it's in your interests to get your files back. From our side, we (the best specialists) make everything for restoring." In some cases, when attacks are on smaller entities, paying the ransom is worth it

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell