Cloud Hosting Provider Hit by Ryuk Ransomware

03 January 2019

A cloud hosting provider suffered a ransomware attack on Christmas Eve. The company declared that its systems had been hit by the Ryuk ransomware, the same ransomware that damaged the printing and delivery activities of many American newspapers last weekend.

The California-based Data Resolution LLC serves about 30,000 companies all over the world, offering hosting solutions, cloud computing services, business continuity systems, and data center services.

The company has not yet commented on what happened, but an update was released on the 29th of December. This update reveals that the attacker entered through a compromised login account and rapidly infected the servers with the Ryuk ransomware.

The attack gave the attackers control over Data Resolution's data center domain, locking the company out of its own systems. According to the update published by Data Resolution, the company deactivated its network in order to stop the infection and to be able to clean and restore the infected systems.

According to Data Resolution, there are no indicators that data have been stolen. The purpose of the attack was to blackmail the company, forcing it to pay a ransom in exchange for the key needed to unlock the infected servers.

Ryuk ransomware was first identified in August 2018 by the IT security company Check Point, which thinks that the malware might be linked to the Lazarus Group, a hacker team from North Korea.

Ryuk is the same malware that infected the Los Angeles Times printing plant during the weekend. This attack led to the interruption of printing and delivery services for many newspapers linked to that plant, among them the Los Angeles Times and the San Diego Union Tribune.

In yesterday's update, Data Resolution declared that it is still working on restoring email and database access for its clients.

Cloud hosting providers are often promoted as a way to increase a company's security and to be better protected against threats such as ransomware, which encrypts the data on infected systems and then asks for a ransom. On the other hand, cloud providers are a perfect target for malware attacks, as they store a huge amount of data for other companies.

In 2017 another cloud service provider, Cloudnine, was hit by a ransomware attack that caused a disruption lasting several days.