CyrusOne which is one of the biggest data center providers in the US, was affected by a ransomware attack yesterday.
The attack was caused by a version of the REvil (Sodinokibi) ransomware which is the same ransomware family that hit several managed service providers in June, over 20 Texas local governments in early August, and 400+ US dentist offices in late August.
As per the copy of the ransom note, this attack was a targeted one against the company’s network. At present the point of entry is not known.
CyrusOne has not revealed the incident publicly. No CyrusOne spokesperson was available for comment, either via phone call, email, or a live support chat via the company’s website.
FIA Tech, a financial and brokerage firm, has informed customers today that an outage of their respective cloud services originated at their data center provider. FIA Tech did not name the data center provider, however through search it was identified as CyrusOne.
FIA Tech messaged the customers that the attack was focused on disrupting operations in an attempt to obtain a ransom from their data center provider.
It was reported that the incident has not impacted all of CyrusOne’s data centers, but restoring servers and customer data will be a lengthy process. CyrusOne did not intend to pay the ransom demand, barring any future unforeseen developments.
CyrusOne is currently working with law enforcement and forensics firms to investigate the incident and is also helping customers restore lost data from backups.
CyrusOne which is a publicly-traded, NASDAQ-listed company (NASDAQ:CONE), owns 45 data centers in Europe, Asia, and the Americas, and has more than 1,000 customers.