Expert Comments: CyrusOne Hit By Ransomware Attack

CyrusOne, one of the biggest data centre providers in the US, has suffered a ransomware attack, ZDNet has learned.

CyrusOne is currently working with law enforcement and forensics firms to investigate the attack and is also helping customers restore lost data from backups.

The incident took place yesterday and was caused by a version of the REvil (Sodinokibi) ransomware.

This is the same ransomware family that hit several managed service providers in June, over 20 Texas local governments in early August, and 400+ US dentist offices in late August.


2 Expert Comments
Rob Gurzeev, CEO and Co-Founder
InfoSec Expert
December 7, 2019 6:05 am

More organizations with non-technical users and employees are actively educating users to avoid the "accidental clicks" that can open the door to such ransomware attacks, and it is surprising that a tech-savvy environment falls victim to these attacks. But casting blame on employees is absolutely the wrong conclusion to jump to.

Many organizations are unaware of their exposed Internet-facing assets and data that provide hackers with a ready conduit into the organization. These blind spots are IT assets that are not managed and may not even be known to IT and security teams, such as abandoned servers, DevOps test sites, third party entryways, etc. Such open conduits are of course part of the organization's attack surface. These assets are part of an organization's "shadow risk" and they present an open pathway to an attacker. That is why it's imperative for organizations to map their attack surface, expose that shadow risk, and eliminate any critical attack vectors before attackers leverage them.

Saryu Nayyar, CEO
InfoSec Expert
December 6, 2019 2:34 pm

The specifics of this attack are still not entirely clear, so the lessons learned are still to be identified. However, the majority of ransomware attacks are the result of well-known, preventable vulnerabilities. Known vulnerabilities are an easy path for an intruder to take to get into an organisation. But it's apparent that many organisations still aren't minding the cybersecurity basics and that's why ransomware attacks continue to be launched – and continue to succeed. But good basic security practices can mitigate against ransomware and limit the impact of these attacks.

There are steps that organisations can take to protect themselves against ransomware, such as adopting a zero trust security method, having a regular backup routine, and implementing an established process for patching against known security vulnerabilities. The next step is to invest in modern cybersecurity solutions with machine learning algorithms that can identify anomalous behaviours in real-time, before an attacker can strike.

Information Security Buzz