A new ransomware attack made the headlines, systems at CyrusOne, one of the biggest data center providers in the US, were infected by the malware.
The company reported the incident to law enforcement, it hired forensics firms to investigate the attack. At the time the company has not yet disclosed the ransomware attack.
CyrusOne owns 45 data centers in Europe, Asia, and the Americas, and has more than 1,000 customers, but the infection impacted only some of them.
The company doesn’t want to pay the ransom to restore the attack.
It seems that the infection took place on December 4, 2019, when a variant of the
In May, threat actors were observed exploiting recently patched critical Oracle WebLogic Server vulnerability to deliver the Sodinokibi ransomware to organizations. In June, the ransomware hit several managed service providers, while in August the same malware infected the company behind DDS Safe solution used by hundreds of dental offices and at least 23 Texas local governments as the result of a coordinated effort.
The attack appears to be targeted in nature, but at the time of writing details of the intrusion and the extent of the attack were not disclosed.
Some customers of CyrusOne, like FIA Tech, has informed customers that the outage of their respective cloud services was caused by a problem suffered by the operator of their data center provider.