CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack.

The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDNet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.

According to security journalist Catalin Cimpanu, who broke the story, the firm was hit by a targeted attack against its network yesterday, and received a ransom message demanding payment for the recovery of encrypted files.

Part of the extortion email obtained by ZDNet reads as follows, seemingly in an attempt to reassure CyrusOne that payment of the ransom will result in the data being recovered:

Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will not cooperate with us. Its not in our interests.

To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee.

If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise – time is much more valuable than money.

What isn’t known at present is how the ransomware managed to breach CyrusOne’s systems. However, in the past the REvil ransomware has been distributed through malicious email campaigns using spearphishing and boobytrapped documents, compromised RDP, exploit kits, and other techniques.

ZDNet reports that although CyrusOne has made no public statement about the security incident, at least one of its corporate clients has warned its own customers about the problem.

Financial and brokerage business FIA Tech informed its customers of an