
Six New York-area managed service customers of data center provider giant CyrusOne have been affected by a ransomware attack.
These managed service clients have experienced availability issues due to a ransomware program encrypting certain devices in their network, a spokesperson for Dallas-based CyrusOne said in a statement. The company said it’s currently working with law enforcement and forensics firms to investigate the attack, as well as with the involved customers to restore their affected systems.
“Our data center colocation services, including IX and IP Network Services, are not involved in this incident,” CyrusOne said in a statement provided to CRN. “Our investigation is ongoing and we are working closely with third-party experts to address this matter.”
CyrusOne’s stock fell $1.10 (1.69 percent) to $64.01 in trading Thursday. The ransomware attack was first reported early Thursday by ZDNet.
The attack took place Wednesday and was caused by a version of the REvil (Sodinokibi) ransomware, according to ZDNet. That’s the same family of ransomware that hit several managed service providers in June, more than 20 Texas cities in early August, and upward of 400 dentist offices in late August.
Adversaries deliberately targeted CyrusOne’s network for attack, according to a copy of the ransom note obtained by ZDNet. The point of entry into CyrusOne’s network remains unknown, ZDNet said.
Financial and brokerage firm FIA Tech was one of the six customers affected by the ransomware attack, which caused an outage on the company’s cloud services, ZDNet said. FIA Tech didn’t name the data center provider, but ZDNet said a quick search identifies it as CyrusOne.
“There is currently no evidence that any data was exfiltrated,” FIA Tech said in a message to customers. “Instead, the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider.”
Barring any unforeseen developments, CyrusOne doesn’t intend to pay the ransom, a source close to the company told ZDNet. The attack comes after Bloomberg reported that CyrusOne was considering selling itself.
In a regulatory filing from last year, CyrusOne explicitly listed “ransomware” as a risk factor for its business.
“We recognize the increasing volume of cyberattacks and employ commercially practical efforts to provide reasonable assurance such attacks are appropriately mitigated,” CyrusOne said in the filing. “Each year, we evaluate the threat profile of our industry to stay abreast of trends and to provide reasonable assurance our existing countermeasures will address any new threats identified.”