CyrusOne MSP Customers Victims of Ransomware Attack

CyrusOne MSP Customers Victims of Ransomware Attack

By Laura Stotler

Six MSPs in the New York area, including financial and brokerage firm FIA Tech, are the latest ransomware attack victims. The companies, all customers of data center provider CyrusOne, experienced availability issues after last week’s attack, which was traced to a version of the REvil/Sodinokibi ransomware.

The attack encrypted certain devices through the CyrusOne network, directly impacting service levels for the company’s MSP customers. It mainly impacted customers using the company’s Wappinger Falls, NY data center. According to a copy of a ransom note sent to CyrusOne, the company was deliberately targeted in the attack, although the point of entry is still unknown.

The same ransomware was used to attack several MSPs in June, and more than 20 Texas cities and 400 dentists’ offices in August. MSPs have become prime targets for ransomware attacks, and the Homeland Security Department recently issued a warning about an ongoing campaign of attacks linked to the Chinese government.

"Upon discovery of the incident, CyrusOne initiated its response and continuity protocols to determine what occurred, restore systems, and notify the appropriate legal authorities," CyrusOne wrote in a statement acknowledging the attack. "The investigation is ongoing, and CyrusOne is working closely with third-party experts to address this matter."

CyrusOne said the company is working with law enforcement and forensics firms to investigate the attack, while also working with the impacted MSPs to restore their systems. It also said the company’s data center colocation services, which include the IX and IP Network Services, were not impacted by the attack.

FIA Tech was one of the MSPs directly impacted by the attack, and experienced an outage of its cloud services. A statement on the company’s website said the ransomware attack targeted its production and disaster recovery servers. The servers were under fire during a four-hour window, but the company said attackers were not able to access any confidential trade or customer data.

“There is currently no evidence that any data was exfiltrated, instead the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider,” wrote FIA Tech in a statement. “The service provider believes the objective of the hack was not to steal data.”

For its part, CyrusOne does not intend to pay the ransom. The company acknowledged that ransomware has become a risk factor for its business in a regulatory filing last year. “We recognize the increasing volume of cyberattacks and employ commercially practical efforts to provide reasonable assurance such attacks are appropriately mitigated,” wrote CyrusOne in the filing. “Each year, we evaluate the threat profile of our industry to stay abreast of trends and to provide reasonable assurance our existing countermeasures will address any new threats identified.”

To provide additional information about ransomware attacks and security measures for MSPs, TMC is hosting its MSP Expo in Fort Lauderdale, FL from February 12-14. The event will offer information about technology, hacking threats and security measures MSPs can take to protect themselves and their customers.

Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Contributing Editor

Related Articles

More Partners Look to Offer AI/ML Solutions, a Potential New Revenue Stream

By: Greg Tavarez    12/1/2023

A recent TD SYNNEX report revealed that 37% of partners have already incorporated AI/ML solutions into their offerings, and an additional 40% of partn…

Read More

Accenture Expands Footprint, Capabilities in Spain with Innotec Security Acquisition

By: Greg Tavarez    11/30/2023

Accenture expanded its capabilities and footprint in Spain, where 70% of CEOs from large organizations are concerned about their organizations' abilit…

Read More

Majority of Organizations Unprepared to Handle Targeted Cyberattack

By: Greg Tavarez    11/30/2023

The majority of CISOs and 53% of CEOs believe that their organization is unprepared to cope with a targeted cyberattack in the next 12 months, accordi…

Read More

Majority of IT Decision-Makers Opt for Service Provider Support in Cloud Migrations

By: Greg Tavarez    11/30/2023

Many IT leaders say they rely on service provider assistance for successful cloud migrations, according to a recent RapidScale study.

Read More

Alef and Frontera Collaborate and Expand Private Mobile Networks Platform Reach in Schools

By: Greg Tavarez    11/29/2023

Alef recently teamed up with Frontera Consulting Group to provide equal access to quality education, regardless of a student's economic background.

Read More