US data center company hit by REvil ransomware

CyrusOne, one of the largest data center companies in the United States, has been hit by ransomware. Six of the company’s customers have been affected by the ransomware attack. The company has no intention of paying the ransom.

The text file accompanying the ransomware.
Image via Malwarebytes

A CyrusOne spokesperson confirms the attack, ZDNet writes. The company is said to have been affected by REvil ransomware, also known as Sodinokibi. The company is working with law enforcement and forensics to investigate the ransomware attack and restore affected customers’ systems. “Six of our managed service customers have experienced service availability issues due to a ransomware program that encrypts devices in their systems,” the company told ZDNet. The company’s colocation services have not been affected.

Financial company and stockbroker FIA Tech, among others, is suffering from the ransomware attack on CyrusOne. Due to the ransomware, the cloud services of FIA Tech were not available. Sources tell ZDNet that CyrusOne has no plans to pay the ransom for the time being. CyrusOne owns 45 data centers in Europe, Asia and the Americas. The company is said to have more than a thousand customers.

The Sodinokibi ransomware encrypts all files on a computer, appending a random file type extension, and then leaves behind a text file detailing the attack on the affected computer. In this, victims are asked to transfer an amount via the Tor browser, after which the criminals provide the encryption key. According to ZDNet, the ransomware hit more than 20 local government agencies in Texas earlier this year. Details about the exact copy of the ransomware that infected CyrusOne appeared on VirusTotal earlier this week. Presumably it was a targeted attack on CyrusOne.