DataResolution.net cloud hosting provider still battling Christmas Eve Ransomware Attack
Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled newspaper printing and delivery operations in several major US countries this past weekend.
San Juan Capistrano, California-based Data Resolution LLC provides hosting software, business continuity systems, cloud computing and data center services to some 30,000 companies worldwide. The company has not yet responded to requests for comment. However, according to a status update Data Resolution shared with affected customers on Dec. 29, 2018, the attackers broke in through a compromised login account on Christmas Eve and soon began infecting servers with the Ryuk ransomware strain. Part of an outage update shared with Data Resolution customers via Dropbox on Dec. 29, 2018.
The intrusion gave the attackers control of Data Resolution's data center domain and locked the company out of its own systems. The customer update states that Data Resolution shut down its network to stop the spread of the infection and to work through the process of cleaning and restoring infected systems.
Data Resolution assures customers that no data has been stolen and that the purpose of the attack was to extract payment from the company in exchange for a digital key that could be used to quickly unlock access to the servers seized by the ransomware. A snippet of an update shared by Data Resolution with affected clients on Dec. 31, 2018.
The Ryuk ransomware strain was first detailed in an August 2018 report by security firm CheckPoint, which states that the malware can be linked to a sophisticated North Korean hacking team known as the Lazarus Group. Ryuk was reportedly the same malware that infected the Los Angeles Times' Olympic printing plant over the weekend, an attack that disrupted the printing and delivery of newspapers for a number of publications, including the Los Angeles Times and the San Diego Union Tribune.
A status update shared with affected customers by Data Resolution earlier today indicates that the cloud hosting provider continues to work to restore email access and multiple customer databases. The update also indicated that Data Resolution is in the process of restoring service to companies that rely on it to host Dynamics GP installations, a popular software package used by many companies for accounting and payroll services.
A status update Data Resolution shared with affected customers on Jan. 2, 2018 shows that more than a week after the attack started, the company is still struggling to restore services. Cloud hosting providers are often used as a way for companies to increase security and better protect themselves against threats such as ransomware, which scrambles data on infected systems and demands payment in exchange for a digital key required to unlock affected systems.
Cloud providers are also a particularly attractive target for ransomware attacks because they store large amounts of data for other companies. Cloud hosting provider Cloudnine was hit by a ransomware attack in 2017, leading to a several-day outage. Much depends on the security practices maintained by each provider, according to last year's MIT Technology Review, which called cloud ransomware attacks a top security concern in 2018.
“The biggest cloud operators such as Google, Amazon and IBM have hired some of the brightest digital security minds, so they’re not going to be easy to crack,” Martin Giles wrote. “But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.”
A source at a company that uses Data Resolution to manage payroll payments told KrebsOnSecurity that the cloud hosting provider did not try to pay the requested ransom, opting instead to restore systems from backups.