A major Dallas-based data center operator says it is working to restore service to six of its customers after a ransomware attack.
CyrusOne Inc. disclosed the attack Thursday and said affected customers are primarily hosted at the company’s New York data center. The computer hack encrypted customers’ devices.
“Upon discovery of the incident, CyrusOne initiated its response and continuity protocols to determine what occurred, restore systems and notify the appropriate legal authorities,” the company said in a statement.
Tech news site ZDNet reported that the attack took place Wednesday and was caused by a version of the REvil (Sodinokibi) ransomware. That ransomware hit several managed service providers in June, over 20 Texas local governments in early August, and more than 400 U.S. dentist offices in late August, according to ZDNet.
The hackers’ ransom note, which ZDNet partially published, said it was a targeted attack against the company’s network.
One of the customers impacted is FIA Tech, a financial and brokerage firm that suffered an outage of its cloud services. It sent a message to customers that said “the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider,” ZDNet reported.
CyrusOne said its data center colocation services, including IX and IP Network Services, weren’t involved in the attack.
The managed services business is a small part of CyrusOne’s offerings, which include colocation facilities for about 1,000 customers across 48 different data centers globally, according to industry news site Data Center Knowledge. It serves more than 200 Fortune 1,000 companies.
REvil ransomware was initially used to attack Oracle’s WebLogic server. Cybersecurity research firm Cybereason dubbed it “the crown prince of ransomware,” Data Center Knowledge reported.
In mid-October, security firm McAfee tracked REvil bitcoin payments to an account containing 443 bitcoin, which was then equivalent to about $4.5 million.