OVH Data Center Fire Impacts Cyber-criminals

Cyber-criminals' illegal activities have been disrupted by a severe fire at the Strasbourg data centers of one of the largest web-hosting providers in the world. 

The fire began at 00:47 on March 10 in a room of data center SBG2, which belongs to OVHcloud. SBG2 was completely wiped out in the blaze, which also destroyed four rooms of data center SBG1 and caused a shutdown of the servers in SBG3 and SBG4. 

It took over 100 firefighters working with a pump boat on the river Rhine more than six hours to extinguish the fire, the cause of which has not yet been determined.

OVH said it has a team of 60 people working on site to connect mobile network and electricity units and is "committed to providing around 15,000 new servers in the coming weeks." 

According to an update posted on Sunday, March 14, the internal networks of SBG1, SBG3, and SBG4 will be redeployed on March 17 with a gradual restart planned for March 22. 

"For customers who have been impacted, we are offering replacement infrastructures (Bare Metal, Hosted Private Cloud and Public Cloud) in our Roubaix (RBX) and Gravelines (GRA) data centers," said the company.

The fire initially caused 3.6 million websites on 464,000 distinct domains to be taken offline, including news sites, banks, webmail services, and online shops selling PPE. 

Among the sites affected were the UK government’s Vehicle Certification Agency website, a site belonging to the Polish Financial Ombudsman, and the French government procurement site Plateforme des achats de l’Etat.

Network monitor site Netcraft reported that the most affected country code top-level domain (ccTLD) was .fr, "which had 184,000 knocked-out websites spread across 59,600 distinct domain names —these account for 1.9% of all .fr domains in the world." 

Costin Raiu, the director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, took to Twitter to highlight the effects of the fire on the cyber-criminal community. 

"Out of the 140 known C2 servers we are tracking at OVH that are used by APT and sophisticated crime groups, approximately 64% are still online," said Raiu.

"The affected 36% include several APTs: Charming Kitten, APT39, Bahamut and OceanLotus."

What’s Hot on Infosecurity Magazine?