REvil Attacks Again — Ransomware and its Dangers



A popular ransomware strain called REvil (also known as Sodinokibi) recently struck again. This time it targeted a data center belonging to CyrusOne, one of the biggest data center providers in the United States.

The harm from the attack was limited. Nevertheless, it illustrates the power of ransomware.

Ransomware and its Dangers

Ransomware is a malicious computer program that infects a target’s computer systems. It spreads swiftly and disables the victim’s systems and data. As a result, the victim cannot access crucial data or conduct business.

This can lead to major losses for small and large businesses alike. For hospitals and other sensitive facilities, it can even be a matter of life or death, because health care depends on access to patients’ health history.

CyrusOne is a large company and knew that it could be targeted. The company owns over 48 data centers in Asia, the US and Europe. It serves over a thousand customers, including over 200 Fortune 1000 companies. It explicitly listed “ransomware” as a risk factor for its business in an SEC filing in 2018.

Deciding Not to Pay

How should companies respond to ransomware attacks? In this case, the company decided not to pay the ransom. Instead, it will try to recreate and restore the data on its own. For companies that can do so, this is the ideal response because it discourages attacks. If companies do not pay ransoms, hackers will have no reason to attack.

Not the First REvil Attack

This is not the first attack using REvil, which has been called the “crown prince of ransomware.” In June, criminals used the ransomware to attack several managed service providers. In August, it was used against over 20 Texas local governments and over 400 dental offices in the United States.





