CyrusOne, one of the largest data center companies in the United States, has been hit by ransomware. Six of the company's customers have encountered problems as a result of the attack. The company reportedly does not intend to pay the ransom.
Image: the text file left by the ransomware (via Malwarebytes).
A CyrusOne spokesperson has confirmed the attack, ZDNet writes. The company is said to have been hit by the REvil ransomware, also known as Sodinokibi. The company is working with the police and forensic authorities to investigate the ransomware attack and restore the systems of affected customers. “Six of our managed service customers have encountered problems with the availability of our services through a ransomware program that encrypts devices in their systems,” the company tells ZDNet. The company’s colocation services are not affected.
Financial company and stockbroker FIA Tech is among those affected by the ransomware attack on CyrusOne. Because of the ransomware, the FIA Tech cloud services were not available. Sources tell ZDNet that CyrusOne is not yet planning to pay the ransom. CyrusOne owns 45 data centers in Europe, Asia and America. The company is said to have more than a thousand customers.
The Sodinokibi ransomware encrypts all files on a computer and appends an arbitrary file extension to each, then leaves a text file with details about the attack on the affected computer. In it, victims are instructed to transfer an amount via the Tor browser, after which, the criminals claim, they will provide the encryption key. According to ZDNet, the ransomware affected more than 20 local government agencies in Texas earlier this year. Details about the exact sample of the ransomware that infected CyrusOne appeared on VirusTotal earlier this week. Presumably it was a targeted attack on CyrusOne.