According to a legal action, 365 Data Centers failed to secure its systems properly, leading to a ransomware attack which caused a significant outage to 365's retail colocation services.

365 Data Centers customers have filed a class action complaint in the United States District Court, District of Connecticut, which claims that the US colo company suffered a ransomware attack which caused an outage, after which it had to rebuild its entire cloud, according to Dgtl Infra.

The action, 3:22-cv-00715, Bizbudding, Inc. et al v. 365 Data Centers, LLC, has four plaintiffs, and is visible here. It claims 365's security was weak, and its systems were not properly segmented, so the entire cloud was put out of action by an attack on data held by a single customer.

365 Data Centers has yet to comment on the story. DCD has asked for more information.

Failure to segment

The complaint claims that on May 14 2022, 365 Data Centers suffered a ransomware attack, "which caused the shutdown of their entire cloud network and loss of its clients’ data and critical infrastructure”. The complaint says that customers “could not access their websites, customer portals, and other critical information technology infrastructure."

The outage was also reported on Reddit in a thread where information from an insider led users to believe that the outage was caused by ransomware. Dgtl Infra reports that a 365 staffer described a ransomware attack that was enabled by an exploit and "poor security practice."

No details have been given of the precise nature of the ransomware attack, but the plaintiffs have shared an email from the company's CEO Bob DeSantis and CTO James Cornman which admits that 365's cloud infrastructure was hit by a ransomware attack, which was not aimed at 365 or its customers, but at data stored at the colo site.

"The intended target was a third party whose data is stored in a dedicated environment on our cloud platform," said the CEO and CTO. "Unfortunately, for our valued customers and 365 Data Centers, the cyber-attacker broadened the ransomware attack."

The broad ransomware attack interrupted service for everyone, but the only data taken was from the target, the message claims.

At this point, 365's problems deepened, because it appears that the attackers were asking a ransom from their intended target, who did not play ball.

On May 25, ten days after the attack, the executives said: "We worked tirelessly in tandem with our experts and government authorities and positioned 365 Data Centers to initiate restoration. Unfortunately, the resolution of the third-party circumstances is not in our control and continues to prevent us from moving ahead in our recovery process."

This meant 365 had to rebuild its cloud from scratch, alongside attempts to retrieve any data that escaped the attack: "While we continue to monitor the third party’s resolution of the cyber-attack, 365 Data Centers believes that at this point in time the prudent path forward is to rebuild the affected cloud platform. This will be conducted along with an all-out effort to retrieve all data within the existing cloud environment that can still be accessed."

During the outage, the 365 customer portal was down, and services were halted. Users on the Reddit thread complain that the company did not quickly respond to queries about the outage.

For a period, www.365datacenters.com was replaced by temp.365datacenters.com, and 365's customers experience difficulties carrying out their business and lost revenue.

According to Dgtl Infra, the class action complaint is led by web service provider Bizbudding, which operates around 40 percent of its business through 365 Data Centers web space. Also signed on the action are three Bizbudding clients: athletics training specialist Parisi Speed School, health advice service Core Wellness, and the PaleoMom which provides advice on the Paleo diet and related subjects..

BizBudding's status reports, and progress reports on the restoration of service, are here. The reports stop on May 28, which may be the date when Bizbudding decided to raise a legal action against 365.

PaleoMom, run by Dr. Sarah Ballantyne, is still offline, with Ballantyne saying: "My site got caught up in a ransomware attack on someone else! That someone else is not paying the ransom, so my team and I are working to rebuild all the amazing content I have spent the last 10+ years creating."

Ballantyne is pitching for funding to rebuild the site on Indiegogo

365 Data Centers has 13 facilities across the US, and is owned by Stonecourt Capital, which took a majority stake in the company in 2020. Since then, the colo company has sold one facility to Netrality and another Michigan facility to a real estate investor.

Ransomware attacks on colocation providers are not unheard of, but the consequences are often less severe In September 2020, Equinix suffered a ransomware attack. As the company's internal systems are separate from customers' equipment, Equinix said that all its facilities and service offerings remained fully operational, according to an interview with DCD. .

Previously CyrusOne suffered an attack in 2019, which did impact some customers.

365 Data Centers itself provides a helpful page of information about ransomware which assures customers that "365 Data Centers is here to help and protect your data."