Niche Cloud Provider Data Resolution Still Resolving Christmas Malware Attack
Cloud hosting provider Data Resolution was briefly locked out of its own domain over the Christmas holiday break and was still working Wednesday to restore operations for many of its customers.
The San Juan Capistrano, Calif.-based company saw its systems infected on Christmas Eve by Ryuk—the same malware that impaired delivery operations for newspapers across the country, reported Krebs on Security, the blog of tech journalist Brian Krebs.
Data Resolution specializes in hosting Microsoft Dynamics and SharePoint, and some of those workloads for mid-market customers were still not back up and running by Wednesday morning, according to a status message that the company shared with its customers on Dropbox and that Krebs published.
Ryuk is ransomware—malicious software that encrypts data and only releases it once a ransom is paid—that's been linked to North Korea.
The company told customers that once the ransomware attacked its systems on Christmas Eve, it shut down its network and hired security consultants to come in on Christmas. CRN has reached out to Data Resolution for comment.
The Data Resolution status page said no ERP database or SQL server has been locked out, and data was not stolen or otherwise compromised.
But the company told customers on the last day of the year that it couldn't release copies of their databases before they were "cleaned" for "Liability reasons."
This morning, Data Resolution updated customers on the status page, saying it was still restoring email, SQL server and Dynamics SQL server accounts, as well as Dynamics NAV, GP and SL—business solutions for mostly mid-market customers.
Krebs also reported that a Data Resolution customer said the hosting company was restoring those systems from backups, and not paying the ransom to the cyber-criminals.
Tribune Company, which publishes the Chicago Tribune and Los Angeles Times, was just one of the big publishers that saw delays resulting from the ransomware infecting its print and distribution facilities.
Cybersecurity vendor Check Point first probed Ryuk this past summer and connected it to the Lazarus Group, a team of North Korean hackers.