One of the largest data centers in the U.S., CyrusOne, has been hit with the Sodinokibi (also known as REvil) ransomware. The incident affected six of CyrusOne’s managed services customers located in its New York data center. Sodinokibi was first discovered in April 2019 and has been linked to the GandCrab ransomware because of similarities in code and the timing of GandCrab’s retirement announcement. It is capable of exploiting CVE-2018-8453 to escalate privileges, terminating processes specified in a configuration file, completely wiping blacklisted folders, encrypting files on local machines and network-connected shares, and exfiltrating basic host information about the victim machine. CyrusOne does not intend to pay the ransom, however. Thomas Hatch, co-founder of SaltStack, was quoted as saying, “The response and remediation from CyrusOne have been excellent given its ability to restore data from backups and respond rapidly to the attack.”