U.S. data center vendor CyrusOne was infected by ransomware
Recently, CyrusOne, a well-known data center provider in the United States, was attacked by Sodinokibi (also known as REvil) ransomware, causing its service interruption. Although the company has not disclosed any details, financial and brokerage firm FIA Tech has informed its clients of the incident.
The company is one of the largest data center suppliers in the United States, with 45 data centers in Europe, Asia, and the Americas, with a total of more than 1,000 customers. It is understood that the accident only affected some data centers of CyrusOne. CyrusOne is currently working with law enforcement and forensic agencies to investigate the attack.
FIA Tech said the attack continued for four hours while the attackers had access to their products and destroy recovery environments. For the malware involved in this incident, FIA Tech confirmed that it is a Sodinokibi variant. This variant is a new variant that has not been detected by too many antivirus software.
Sodinokibi ransomware has reportedly caused multiple accidents. This June, the ransomware attacked several hosting service providers. In early August, the ransomware attacked more than 20 local governments in Texas, USA, and attacked more than 400 US dental offices in late August.