{
	"id": "3ffd01a5-93b8-4709-bc18-456c6a749b86",
	"created_at": "2026-04-06T00:12:13.494447Z",
	"updated_at": "2026-04-10T13:12:36.282116Z",
	"deleted_at": null,
	"sha1_hash": "51c0a09967e592c1d5a44b953f569f56ecfc632e",
	"title": "Ransomware attack hits major US data center provider",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1254023,
	"plain_text": "Ransomware attack hits major US data center provider\r\nBy Written by Catalin Cimpanu, ContributorContributor Dec. 4, 2019 at 8:08 p.m. PT\r\nArchived: 2026-04-05 12:45:31 UTC\r\nCyrusOne, one of the biggest data center providers in the US, has suffered a ransomware attack, ZDNet has\r\nlearned.\r\nIn an email after this article's publication, a CyrusOne spokesperson confirmed the incident and said they are\r\ncurrently working with law enforcement and forensics firms to investigate the attack, and help customers restore\r\nsystems impacted systems.\r\n\"Six of our managed service customers, located primarily in our New York data center, have experienced\r\navailability issues due to a ransomware program encrypting certain devices in their network,\" CyrusOne told\r\nZDNet.\r\n\"Our data center colocation services, including IX and IP Network Services, are not involved in this incident. Our\r\ninvestigation is on-going and we are working closely with third-party experts to address this matter,\" the company\r\nsaid.\r\nAnother REVil (Sodinokibi) attack\r\nAccording to details ZDNet received in a tip, the incident took place yesterday and was caused by a version of the\r\nREvil (Sodinokibi) ransomware.\r\nThis is the same ransomware family that hit several managed service providers in June, over 20 Texas local\r\ngovernments in early August, and 400+ US dentist offices in late August.\r\nAccording to a copy of the ransom note, this was a targeted attack against the company's network. The point of\r\nentry is currently unknown.\r\nhttps://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/\r\nPage 1 of 2\n\ncyrusone-ransom-note.png\r\nOne of the six customers impacted by the ransomware infection is FIA Tech, a financial and brokerage firm. Teh\r\nransomware caused on outage of FIA Tech cloud services.\r\nIn a message to customers, FIA Tech said \"the attack was focused on disrupting operations in an attempt to obtain\r\na ransom from our data center provider.\" FIA Tech did not name the data center provider, but a quick search\r\nidentifies it as CyrusOne.\r\nWe've been told by a source close to CyrusOne that the data center provider does not intend to pay the ransom\r\ndemand, barring any future unforeseen developments.\r\nThe company owns 45 data centers in Europe, Asia, and the Americas, and has more than 1,000 customers. It is\r\nalso considering a sale after receiving takeover interest over the summer, according to Bloomberg.\r\nCyrusOne is a publicly-traded, NASDAQ-listed company (NASDAQ:CONE). In an SEC filing last year, the\r\ncompany explicitly listed \"ransomware\" as a risk factor for its business (page 23).\r\nA copy of the ransomware executable that is believed to have infected the company's network was uploaded on\r\nVirusTotal earlier today.\r\nArticle updated on December 5, 13:45 ET with comment from CyrusOne.\r\nCloud services: 24 lesser-known web services your business needs to try\r\nSecurity\r\nSource: https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/\r\nhttps://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/ransomware-attack-hits-major-us-data-center-provider/"
	],
	"report_names": [
		"ransomware-attack-hits-major-us-data-center-provider"
	],
	"threat_actors": [],
	"ts_created_at": 1775434333,
	"ts_updated_at": 1775826756,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/51c0a09967e592c1d5a44b953f569f56ecfc632e.pdf",
		"text": "https://archive.orkl.eu/51c0a09967e592c1d5a44b953f569f56ecfc632e.txt",
		"img": "https://archive.orkl.eu/51c0a09967e592c1d5a44b953f569f56ecfc632e.jpg"
	}
}