CyrusOne, one of the biggest data centre providers in the US, has suffered a ransomware attack, ZDNet has learned.
CyrusOne is currently working with law enforcement and forensics firms to investigate the attack and is also helping customers restore lost data from backups.
The incident took place yesterday and was caused by a version of the REvil (Sodinokibi) ransomware.
This is the same ransomware family that hit several managed service providers in June, over 20 Texas local governments in early August, and 400+ US dentist offices in late August.
The incident took place yesterday and was caused by a version of the REvil (Sodinokibi) ransomware. CyrusOne is currently working with law enforcement & forensics firms to investigate the attack and is also helping customers restore lost data from backups. https://t.co/0qGGD75rur
— Jinson Varghese (@JinsonCyberSec) December 5, 2019
More organizations with non-technical users and employees are actively educating users to avoid the "accidental clicks" that can open the door to such ransomware attacks, and it is surprising that a tech-savvy environment falls victim to these attacks. But casting blame on employees is absolutely the wrong conclusion to jump to.
Many organizations are unaware of their exposed Internet-facing assets and data that provide hackers with a ready conduit into the organization. These blind spots are IT assets that are not managed and may not even be known to IT and security teams, such as abandoned servers, DevOps test sites, third party entryways, etc. Such open conduits are of course part of the organization’s attack surface. These assets are part of an organization’s "shadow risk" and they present an open pathway to an attacker. That is why it’s imperative for organizations to map their attack surface, expose that shadow risk, and eliminate any critical attack vectors before attackers leverage them.
The specifics of this attack are still not entirely clear, so the lessons learned are still to be identified. However, the majority of ransomware attacks are the result of well-known, preventable vulnerabilities. Known vulnerabilities are an easy path for an intruder to take to get into an organisation. But it’s apparent that many organisations still aren’t minding the cybersecurity basics and that’s why ransomware attacks continue to be launched – and continue to succeed. But good basic security practices can mitigate against ransomware and limit the impact of these attacks.
There are steps that organisations can take to protect themselves against ransomware, such as adopting a zero trust security method, having a regular backup routine, and implementing an established process for patching against known security vulnerabilities. The next step is to invest in modern cybersecurity solutions with machine learning algorithms that can identify anomalous behaviours in real-time, before an attacker can strike.