Malware

Cloud service provider’s servers infected with ransomware

The cloud computing services company suffered an attack with malicious software known as Ryuk that crippled its activities

This past Christmas Eve, the cloud service provider Data Resolution suffered a ransomware attack that disrupted the proper functioning of its systems, as reported by cybersecurity specialists from the International Institute of Cyber Security.

Data Resolution LLC offers software hosting, enterprise continuity systems, cloud computing and data center services for over 30k companies around the world. The incident was revealed by renowned cybersecurity researcher Brian Krebs, who mentioned that the infection could have been caused by the Ryuk ransomware.

Just a few days ago, this ransomware variant infected the systems of some newspapers in the United States, shutting down their printing and causing delays in the distribution of the papers in some areas of the U.S. West Coast.

According to the initial investigations, the malicious actors appear to have seized access keys and logged in on Christmas Eve to access the company's networks and inject the Ryuk ransomware. It seems that the hackers did not steal any of the company's data, as their only goal was to extort Data Resolution's managers into making a payment to recover the encrypted data.

“During the incident, the attackers took control of the company’s data center domain, thanks to which they managed to block any authorized access for a few moments,” said the cybersecurity expert. “The security notice that the company sent to its clients mentions that Data Resolution closed its network to stop the progress of the infection, in addition to being able to begin the process of eliminating the ransomware, restoring its systems and retrieving information.”

According to reports from some cybersecurity firms, the Ryuk ransomware is one of the main weapons used by the group of hackers known as APT Lazarus, linked to the North Korean government. Apparently, Ryuk shares various similarities with the Hermes malware, used by this group of malicious actors.

A ransomware attack campaign allegedly linked to North Korea was recently discovered targeting organizations around the world. This campaign seems to be carefully planned, with cybercriminals aiming at different companies and encrypting hundreds of PCs, storage units and data centers in each infected organization.

Some reports even confirm that some companies made significant payments to retrieve their information, transferring sums ranging from 15 to 50 Bitcoin. According to estimates made by the U.S. authorities, this campaign of attacks would have generated gains of up to $640k USD for the attackers.
