Cloud Hosting Provider DataResolution.net hit by the Ryuk ransomware

The Cloud hosting provider Dataresolution.net was hit by a ransomware-based attack on Christmas Eve that took down its systems.

Data Resolution LLC provides software hosting, business continuity systems, cloud computing, and data center services to more serves than 30,000 businesses worldwide,

The news was first reported by the popular investigator Brian Krebs on KrebsOnSecurity, the company believe its systems were infected with the Ryuk ransomware.

The Ryuk ransomware recently crippled printing and delivery operations for major U.S. newspapers.

According to a company the attackers took over a login account on Christmas Eve and used it to access the company network and deliver the Ryuk ransomware.

Intruders haven’t stolen any data, their unique goal was to extort money to the company forcing it to pay the ransom to recover the encrypted data.

“The intrusion gave the attackers control of Data Resolution’s data center domain, briefly locking the company out of its own systems.” wrote Krebs. “The update sent to customers states that Data Resolution shut down its network to halt the spread of the infection and to work through the process of cleaning and restoring infected systems.”

According to a report published by security firm CheckPoint published on August, the Ryuk ransomware was one of the cyber weapons in the arsenal of the dreaded North Korea-linked APT group Lazarus.

The Ryuk ransomware appears connected to Hermes malware that was associated with the notorious Lazarus APT group.

Check Point uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor.

The campaign appeared as targeted and well-planned, crooks targeted several enterprises and encrypted hundreds of PC, storage and data centers in each infected company.

Some organizations paid an exceptionally large ransom in order to retrieve the encrypted files, CheckPoint confirmed that the ransom amount paid by the victims ranged between 15 BTC to 50 BTC.

At least three organizations in the United States and worldwide were severely affected, the attackers are estimated to have netted over $640,000 to date.

DataResolution is still working to restore email access and multiple databases for clients. The company is working to restore service for companies relying on it to host installations of Dynamics GP-

“A source at a company that uses Data Resolution to manage payroll payments told KrebsOnSecurity that the cloud hosting provider said it did not attempt to pay the requested ransom, preferring to restore systems from backups instead.” concludes Krebs.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – cloud computing, DataResolution)

[adrotate banner=”5″] [adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.