6 Data Center Ransomware Attacks and Their Lessons Learned

by Devin Partida | Jul 21, 2021 | Blog

Ransomware is one of the most damaging forms of cybercrime. Having personal data or trade secrets encrypted and held to ransom is not an enviable position in which to find oneself.

The data point to a steep rise in ransomware in 2020 compared to 2019. A Bitdefender report claimed a 485% year-over-year increase in ransomware reports; of those, the report placed 64% in the first quarter of 2020, and attributed 96% to Internet of Things (IoT) devices.

What follows is a rundown of six of the most noteworthy ransomware attacks of recent years, along with the lessons each delivered about preventing similar events.

1. A Cross-Country Pipeline

The biggest ransomware news of 2021 so far is the May attack on Colonial Pipeline, which carries refined fuel some 5,500 miles from Texas to New Jersey. It received an outsized share of media coverage because of its importance to the national economy: the company shut the pipeline down for several days as a precaution, and fuel shortages followed along the East Coast. The DarkSide group claimed credit, and Colonial paid a ransom of roughly $4.4 million (75 bitcoin), most of which the U.S. Department of Justice later seized from the group's wallet.

Could this have been prevented?

Colonial Pipeline Co. is privately held by a group of investors that includes Koch Industries. The post-incident investigation, presented to Congress in June 2021, found that the attackers logged in through a legacy VPN account that was no longer in active use, was not protected by multi-factor authentication, and used a password that had already appeared in a public breach dump. Nothing about the intrusion was novel; the basics had simply not been attended to until it was too late.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) maintains a list of action items for hardening organizations against ransomware. Near the top are keeping internet-facing systems, such as remote-access gateways and workstations, updated and patched, and requiring multi-factor authentication for all remote access. Attacks on private and public infrastructure will only intensify for as long as leaders keep phoning in the basics of cybersecurity.

Zero trust is another accessible prevention mechanism. Security practitioners see the model as vital for infrastructure providers, especially in the era of remote work, because it stops treating a VPN connection or a position on the internal network as proof of trust: every request is authenticated and authorized against the identity and the device making it, and each user is limited to the systems they need for the task at hand. Under such a model, a forgotten VPN account with a reused password would not by itself have granted broad access to internal systems.
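The Colonial intrusion reduces to three checkable conditions on a remote-access account: it is still enabled, it has no MFA, and its password is known to be breached. The following is an added example, not Colonial's or CISA's tooling, that audits a constructed account export for exactly those conditions. The 90-day staleness threshold, the SHA-1 password export and the breach corpus are all assumptions made for the example; a real deployment would compare against Have I Been Pwned's k-anonymity API or an internal copy of a breach corpus rather than an inline set.

```python
"""Audit of remote-access accounts for the weaknesses behind the Colonial Pipeline intrusion:
a dormant VPN account, no MFA, and a password already present in a public breach dump.
Added example over a constructed account export; it is not Colonial's or CISA's tooling."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple
import hashlib

STALE_AFTER = timedelta(days=90)   # policy choice (assumption): disable VPN accounts idle this long


@dataclass
class Account:
    username: str
    vpn_enabled: bool
    mfa_enrolled: bool
    last_login: Optional[date]     # None means the account has never logged in
    password_sha1: str             # hex SHA-1 of the current password, as an IdP export might give it (assumption)


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus (the real check would use HIBP's k-anonymity
# API or an internal copy of the corpus; never move plaintext passwords around).
BREACHED_SHA1: Set[str] = {sha1_hex("Summer2019!"), sha1_hex("Password1")}

# Constructed account export. svc_legacy_vpn is the Colonial-style account:
# nobody has used it for months, it has no MFA, and its password is in the dump.
SAMPLE_ACCOUNTS: List[Account] = [
    Account("svc_legacy_vpn", True, False, date(2020, 9, 15), sha1_hex("Summer2019!")),
    Account("jdoe", True, True, date(2021, 4, 26), sha1_hex("c0rrect-h0rse-battery")),
    Account("ops_admin", True, True, None, sha1_hex("unique-long-passphrase-2021")),
    Account("intern_2019", False, False, date(2019, 8, 30), sha1_hex("Password1")),
]


def audit_remote_access(accounts: List[Account], breached: Set[str], today: date) -> List[Tuple[str, str]]:
    """Return (username, finding) pairs for every VPN-enabled account that violates policy.

    Accounts without VPN access are skipped: the point is the remote-access surface,
    which is what ransomware crews buy or brute-force their way through."""
    findings = []
    for acct in accounts:
        if not acct.vpn_enabled:
            continue
        if not acct.mfa_enrolled:
            findings.append((acct.username, "vpn_without_mfa"))
        if acct.last_login is None or today - acct.last_login > STALE_AFTER:
            findings.append((acct.username, "stale_vpn_account"))
        if acct.password_sha1.upper() in breached:
            findings.append((acct.username, "breached_password"))
    return findings


def run_sample(today: date = date(2021, 4, 29)) -> List[Tuple[str, str]]:
    """Run the audit on the constructed export as of the date the Colonial intrusion began."""
    return audit_remote_access(SAMPLE_ACCOUNTS, BREACHED_SHA1, today)


if __name__ == "__main__":
    for user, finding in run_sample():
        print(f"{user:16s} {finding}")
```

Run against the constructed export, the legacy service account trips all three rules and the never-used admin account trips the staleness rule; the disabled intern account is ignored even though its password is breached, because it presents no remote-access surface. Feeding the script a real IdP export is a matter of replacing SAMPLE_ACCOUNTS.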

2. A Colocation Provider

Equinix is a major colocation provider, meaning many customers rent space in the same shared facilities. In September 2020, Equinix disclosed a ransomware attack on some of its internal systems. The company was quick to point out that the incident affected its own corporate systems, not customer equipment or the operation of its data centers.

Could this have been prevented?

It is not clear, but the story delivers some timely reminders. BleepingComputer reported that the Netwalker operators demanded $4.5 million and claimed to hold files including payroll and legal documentation, which makes this a double-extortion incident: the threat was leaking the data as much as withholding the decryption key. Encrypting sensitive files at rest takes much of the leverage out of the data-theft half of that threat, but only if the keys are managed separately from the systems and accounts the attacker has compromised; data that a compromised account can read in plaintext is, from the attacker's point of view, not encrypted at all. Pair encryption with tight access controls and with monitoring for large outbound transfers, which is usually the only visible sign of the exfiltration stage.

3. A Media Law Firm

In May 2020, the REvil (Sodinokibi) gang attacked the computer systems of Grubman Shire Meiselas & Sacks (GSMS), a law firm specializing in media and entertainment. The group claimed to have stolen some 756 gigabytes of private correspondence and contracts concerning clients such as Lady Gaga, Bruce Springsteen, Mariah Carey and Madonna. When its $21 million demand went unpaid, it doubled the demand to $42 million and claimed that material about then-President Donald Trump would be released next.

Could this have been prevented?

Professionals of all stripes now work from home, or from a mix of environments, more than ever. GSMS has not commented on the attack beyond denying that it has made any payment. But the events of 2020 changed office culture, perhaps permanently, including at law firms.

Geographically dispersed employees make an organization a tempting target, because delivering regular security training and software patches to them is harder, and because their devices and home networks sit outside any perimeter the firm controls. Nevertheless, teaching and then reinforcing skills such as recognizing phishing attempts remains vital for avoiding ransomware, since a phished credential or a malicious attachment is still the most common way in.

4. A Web Hosting Company

The ransomware problem is not exclusive to any region or country. In June 2017, Nayana, a web hosting company in South Korea, found more than 150 of its Linux servers encrypted by the Erebus ransomware. The initial demand was 550 bitcoin, then worth about $1.6 million, which the company negotiated down to roughly $1 million; some of its customers may still be recovering.

According to F5 Networks, thousands of customer websites hosted on Nayana's infrastructure were affected, and some were lost for good. That was even after company leaders decided to pay the ransom.

Could this have been prevented?

F5's David Holmes said, "We should have all seen this coming and it could be devastating." Holmes indicated that most attackers carry out this type of attack after successfully phishing an insider, an employee or business associate, with a malicious email. Holmes also warned against keeping outdated or obsolete servers online. In Nayana's case that was the decisive factor: Trend Micro's analysis found the affected servers running a Linux kernel released in 2008 and versions of Apache and PHP released in 2006, each with long-public exploits.

5. 23 Local Governments

In August 2019, 23 local governments in Texas were hit in a single coordinated ransomware attack, delivered through a managed service provider whose remote-administration tools the attackers had compromised. It took the better part of a week for the affected entities to move from assessment to recovery. The strain was Sodinokibi, also known as REvil, which first appeared in April 2019 and has plagued IT teams ever since; the same family was behind the GSMS and CyrusOne incidents in this list.

Could this have been prevented?

One lesson here is that it is unwise to treat any strain of ransomware as "old news" once the headlines move on. Sodinokibi had been publicly documented for months, and its operators' preference for reaching many victims at once through a single MSP's tooling was already known, before Texas's local governments found themselves targeted.

The Texas Department of Information Resources published a list of ransomware prevention recommendations following the attack:

Only allow authentication to remote-access software from inside the provider's network.

Activate two-factor authentication on all remote desktop, administrative, and networking tools.

Block all incoming traffic originating from Tor exit nodes.

Deploy endpoint detection and response (EDR) to identify unusual processes on the network.
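Two of those recommendations translate directly into detection logic. The block below is an added example, not the Texas DIR's or any EDR vendor's code: it runs over constructed Windows Security (4624 logon) and Sysmon (event 1, process creation) records, alerts on RDP or network logons whose source address is on a Tor exit list, and alerts on the shadow-copy and recovery-tampering commands that Sodinokibi/REvil and most other families run just before encrypting. The exit-node addresses and all event fields are constructed; the real exit list is published at https://check.torproject.org/torbulkexitlist and changes hourly.

```python
"""Two of the Texas DIR recommendations expressed as detection logic: alert on remote
logons that arrive from Tor exit nodes, and alert on processes that destroy Volume Shadow
Copies or disable Windows recovery, the step most ransomware families (Sodinokibi/REvil
included) take just before encrypting. Added example over constructed Windows Security
and Sysmon-style events; not the Texas DIR's or any EDR vendor's code."""
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# Constructed stand-in for the Tor bulk exit list. In production, fetch
# https://check.torproject.org/torbulkexitlist on a schedule; it changes hourly.
TOR_EXIT_NODES: Set[str] = {"203.0.113.7", "198.51.100.42"}

# Command lines that remove or disable recovery before encryption.
RECOVERY_TAMPER_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"Win32_ShadowCopy.*Delete", re.I),
]

RDP_OR_NETWORK_LOGON = {3, 10}   # 4624 logon types: 3 = network, 10 = RemoteInteractive (RDP)


def is_tor_exit(ip: str, exits: Set[str] = TOR_EXIT_NODES) -> bool:
    """True when ip parses as an address and is on the exit list."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return False
    return ip in exits


def triage_events(events: Iterable[Dict], exits: Set[str] = TOR_EXIT_NODES) -> List[Dict]:
    """Apply both rules to a stream of event dicts and return the alerts raised."""
    alerts = []
    for ev in events:
        if ev.get("event_id") == 4624 and ev.get("logon_type") in RDP_OR_NETWORK_LOGON:
            if is_tor_exit(ev.get("src_ip", ""), exits):
                alerts.append({"rule": "logon_from_tor_exit", "host": ev["host"],
                               "user": ev["user"], "src_ip": ev["src_ip"]})
        elif ev.get("source") == "sysmon" and ev.get("event_id") == 1:
            cmd = ev.get("command_line", "")
            if any(p.search(cmd) for p in RECOVERY_TAMPER_PATTERNS):
                alerts.append({"rule": "recovery_tampering", "host": ev["host"],
                               "user": ev["user"], "command_line": cmd})
    return alerts


# Constructed events: one RDP logon from a Tor exit, one legitimate RDP logon,
# two recovery-tampering commands and one benign process.
SAMPLE_EVENTS = [
    {"source": "security", "event_id": 4624, "logon_type": 10, "host": "rdp-gw01",
     "user": "CITY\\helpdesk", "src_ip": "203.0.113.7"},
    {"source": "security", "event_id": 4624, "logon_type": 10, "host": "rdp-gw01",
     "user": "CITY\\jsmith", "src_ip": "10.20.30.40"},
    {"source": "sysmon", "event_id": 1, "host": "fs01", "user": "CITY\\helpdesk",
     "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"source": "sysmon", "event_id": 1, "host": "fs01", "user": "CITY\\helpdesk",
     "command_line": "bcdedit /set {default} recoveryenabled No"},
    {"source": "sysmon", "event_id": 1, "host": "ws-clerk03", "user": "CITY\\mlee",
     "command_line": "C:\\Windows\\System32\\notepad.exe minutes.txt"},
]


def run_sample() -> List[Dict]:
    return triage_events(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The Tor rule is a blocklist, so it is only as good as the freshness of the exit list; the tampering rule is behavioural and catches the precursor regardless of which family runs it, which is why EDR telemetry on process command lines matters more than signatures for the encryptor itself. Note that the two alerts in the sample share a user and host, which is the pivot an analyst would follow.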

6. A Data Center Giant

CyrusOne is one of the largest providers of data center services in the U.S. In December 2019, the company confirmed that its operations had been disrupted by an outside party and that six of its managed-services customers, served from its New York data center, had experienced outages as a result. A spokesperson confirmed that "certain devices on their network" had had their data encrypted by ransomware.

Could this have been prevented?

The attack could have been worse: CyrusOne operates some 45 data centers on three continents, and its colocation customers were not affected. But CyrusOne's reply to the ransom demand is telling; it refused to pay. When you cannot prevent every extortion attempt, you can at least refuse to fund the next one. The FBI advises against paying, since payment encourages further attacks and does not guarantee that the decryptor works or that stolen data is deleted.

Additionally, storing encrypted backups on media or systems that cannot be reached from the production network is the single most important step an organization can take to deny bad actors their leverage. Those backups must also be verified before they are needed: ransomware crews deliberately hunt down and encrypt or delete reachable backups before triggering the main encryption run, and a copy that cannot be restored is not a backup.
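Verifying that an offline copy is still intact is the part most teams skip. The following added example, not CyrusOne's or any backup vendor's code, builds a SHA-256 manifest of a constructed backup set in a temporary directory, authenticates the manifest with an HMAC key that is assumed to live only with the cold copy, and then replays what a ransomware run does: overwrite a file with ciphertext, drop a ransom note, and regenerate the manifest without the key to hide the damage. All file names, contents and the key are constructed for the example.

```python
"""Keyed integrity manifest for an offline backup set. The HMAC key lives with the cold
copy, never on the backup host, so a ransomware run that rewrites backup files cannot
also rewrite the manifest to match. Added example over a constructed backup set in a
temporary directory; not CyrusOne's or any backup vendor's code."""
import hashlib
import hmac
import json
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _relative_paths(root: str) -> List[str]:
    paths = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            paths.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(paths)


def _canonical(files: Dict[str, str]) -> bytes:
    return json.dumps(files, sort_keys=True, separators=(",", ":")).encode("utf-8")


def build_manifest(root: str, key: bytes) -> Dict:
    files = {rel: sha256_file(os.path.join(root, *rel.split("/"))) for rel in _relative_paths(root)}
    return {"files": files, "hmac": hmac.new(key, _canonical(files), hashlib.sha256).hexdigest()}


def verify_manifest(root: str, manifest: Dict, key: bytes) -> Tuple[bool, List[Tuple[str, str]]]:
    """Return (manifest_authentic, problems).

    If the manifest's HMAC does not verify, stop: its file list cannot be trusted.
    Otherwise report files that are missing, modified, or not in the manifest at all
    (ransom notes and renamed .locked copies show up as 'unexpected')."""
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return False, [("<manifest>", "hmac_mismatch")]
    problems = []
    for rel, digest in manifest["files"].items():
        full = os.path.join(root, *rel.split("/"))
        if not os.path.exists(full):
            problems.append((rel, "missing"))
        elif sha256_file(full) != digest:
            problems.append((rel, "modified"))
    for rel in _relative_paths(root):
        if rel not in manifest["files"]:
            problems.append((rel, "unexpected"))
    return True, problems


def demo() -> Dict[str, Tuple[bool, List[Tuple[str, str]]]]:
    """Build a constructed backup set, verify it, then replay what a ransomware run does to it."""
    key = b"cold-copy-key-never-stored-on-the-backup-host"   # assumption: kept offline
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "db"))
        with open(os.path.join(root, "db", "payroll.sql"), "wb") as f:
            f.write(b"INSERT INTO payroll VALUES (1, 'constructed row');\n")
        with open(os.path.join(root, "config.yaml"), "wb") as f:
            f.write(b"retention_days: 30\n")
        manifest = build_manifest(root, key)
        results["clean"] = verify_manifest(root, manifest, key)

        # Ransomware overwrites a file with ciphertext and drops a note.
        with open(os.path.join(root, "db", "payroll.sql"), "wb") as f:
            f.write(os.urandom(64))
        with open(os.path.join(root, "README_TO_RESTORE.txt"), "wb") as f:
            f.write(b"your files are encrypted\n")
        results["after_attack"] = verify_manifest(root, manifest, key)

        # Attacker regenerates the manifest to hide the damage, but lacks the offline key.
        forged = build_manifest(root, b"key-guessed-by-the-attacker")
        results["forged_manifest"] = verify_manifest(root, forged, key)
    return results


if __name__ == "__main__":
    for name, (authentic, problems) in demo().items():
        print(name, "authentic" if authentic else "MANIFEST FORGED", problems)
```

The design point is the separation of the key from the data: a plain checksum file sitting next to the backups is worthless once an attacker has write access to the share, because they will regenerate it, and the forged-manifest case shows that failing loudly rather than reporting a clean set. Run the verification from the offline side on a schedule, and treat any "modified" or "unexpected" entry on a cold copy as an incident, not a glitch.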

Preventing Ransomware in 2021 and Beyond

The FBI's Internet Crime Complaint Center reported in 2020 that cybercrime complaints had risen for five consecutive years, with losses totaling $13.3 billion since 2016. In better news, by some accounts the share of attempted ransomware attacks that succeeded appears to have fallen between 2020 and 2021.

Keeping these numbers in decline is everybody’s responsibility. It requires studying high-profile stories like these and learning how to do better.


Devin Partida

Editor-in-Chief at ReHack

Devin Partida writes about data, cybersecurity and smart tech for ReHack.com, where she is also the Editor-in-Chief.
