CyrusOne’s network has been infected by a ransomware attack called REvil (Sodinokibi). The company is trying to help customers restore lost data from backups.
One of the biggest data center providers in the US, CyrusOne has been attacked by a version of the REvil (Sodinokibi) ransomware, this week. To investigate the attack, the company is working with law enforcement and forensics firms. Also, it is trying to help customers restore lost data from backups.
Belongs to same ransomware family
REvil (Sodinokibi) ransomware is linked to the same ransomware family that hit several managed service providers in June, over 20 Texas local governments in early August. The same ransomware hit over 400 US dentist offices in late August also. While CyrusOne has not yet made any comment, FIA Tech, a financial and brokerage firm, has informed customers that an outage of their respective cloud services originated at their data center provider.
Although FIA Tech did not name the data center provider, clues point CyrusOne. According to FIA Tech, the attack was focused on disrupting operations to obtain a ransom from the data center provider. CyrusOne is a publicly-traded, which has 45 data centers in Europe, Asia, and the Americas.