US Cloud Hoster Receives Christmas Ransomware 'Gift'

A US cloud services provider has been struggling to shake off a ransomware attack that forced it to shut its network and hire extra help on Christmas Day.

There’s no information about the incident on the website of California-based Data Resolution, which apparently serves tens of thousands of customers from its datacenters in the US, Canada, Bermuda and the UK.

However, customer updates sent to KrebsOnSecurity indicate that the firm was infected by the Ryuk strain of ransomware on Christmas Eve. The initial attack vector was apparently a compromised user account, with servers soon infected.

The firm claimed it was forced to shut down its network to halt the spread of the ransomware, with extra staff hired in to help tackle the incident over the holiday season. However, it’s thought that the attackers were only out to extort the company, rather than looking for data to steal.

Linked to North Korea’s notorious Lazarus Group when it first appeared last year, the Ryuk strain of ransomware is believed to be responsible for the disruption of newspaper operations across the US last weekend.

Titles including the Los Angeles Times and Chicago Tribune were affected after Tribune Publishing and other facilities were hit by the ransomware.

Fred Kneip, CEO of CyberGRX, said the attack proves that organizations need to think carefully when selecting their cloud and managed hosting providers.

“It is vital for such organizations to confirm which security measures the third-party cloud provider is responsible for executing to ensure the security of the entire infrastructure,” he added.

“Hackers go for the path of least resistance, and much like a sitting duck, data is most vulnerable when it is at rest. For this reason, cloud services providers, and the organizations that welcome them as a third party, must work together to guarantee security qualifications are met.”

What’s Hot on Infosecurity Magazine?