A ransomware attack on a CyrusOne data center has disrupted services to multiple customers, including a financial services customer.
CyrusOne has refused to pay the demand, and is working to restore services to the customers, according to reports and a company statement. The global data center REIT, which is rumored to be a takeover target, says that the attack only affects managed services customers at a data center in New York, with colocation customers, and businesses located elsewhere unaffected.
On Wednesday 4 December, attackers gained access to network resources at the CyrusOne facility, and encrypted files belonging to customers, sending a ransom demand to the customers and CyrusOne. The following day, one of the victims, financial firm FIA Tech, said it had suffered a cloud outage that was "focused on disrupting operations in an attempt to obtain a ransom from our data center provider." ZDNet was the first to break the news that this provider was CyrusOne.
CyrusOne then confirmed on its investor portal that it is "addressing" a ransomware incident, saying that its managed service division is "working to restore availability issues to six managed service customers due to a ransomware program encrypting certain devices."
The company says it has initiated response and continuity protocols to find out what had happened, to restore systems, and notify legal authorities: "The investigation is ongoing and CyrusOne is working closely with third-party experts to address this matter.
The customers are mostly serviced by CyrusOne’s New York Data Center, according to the statement, which says: "CyrusOne’s data center colocation services, including IX and IP Network Services, are not involved in this incident."
CyrusOne has some 45 data centers in the US, Asia, and Europe. During the summer, Bloomberg reported that the company is a takeover target, after expansion left it in the red.
DCD has contacted CyrusOne for more details.