Data center provider CyrusOne was reportedly hit with a
combination ransomware/data breach involving the REvil (aka Sodinokibi) ransomware.
Details are scarce, but ZDNet
reported the attack took place on December 4. A screenshot of the ransom note
indicated all the files were locked and that the threat actors would allow one
file to be decrypted for free as an act of good faith that a payment would
result in all the files being unlocked.
The company
has issued no statements on the incident nor returned DigitalMunition’s inquiries.
Tripwire’s
Graham Cluley noted that historically REvil has been distributed through
malicious email campaigns using spearphishing and boobytrapped documents,
compromising RDP and exploit kits.
Over the
last year Sodinokibi
has been used in several attacks and may possibly have been created by the developers
who were behind GandCrab.
Gloss