Cloud service provider’s servers infected with ransomware


The cloud computing services company was hit by the Ryuk ransomware, which crippled its operations

On Christmas Eve, the cloud service provider Data Resolution suffered a ransomware attack that disrupted the normal operation of its systems, as reported by cybersecurity specialists from the International Institute of Cyber Security.

Data Resolution LLC offers software hosting, business continuity systems, cloud computing and data center services to more than 30,000 companies around the world. The incident was revealed by cybersecurity researcher Brian Krebs, who reported that the infection appears to have been the Ryuk ransomware.

Just a few days earlier, the same ransomware family infected the systems of several newspapers in the United States, halting their printing and delaying distribution of the papers in some areas of the U.S. West Coast.

According to the initial investigation, the attackers obtained valid access credentials and used them on Christmas Eve to log into the company's network and deploy Ryuk. There is no indication that any company data was stolen; the attackers' only apparent goal was to extort Data Resolution's management into paying for the recovery of the encrypted data.
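The intrusion described above began with valid credentials used on a holiday, which is exactly the kind of activity no malware signature will catch. The following is an added example, not code from the article or from Data Resolution, of the check a defender would run over authentication logs: flag successful logons that fall on a holiday, on a weekend or outside business hours, and note when the source address is outside the corporate range. The log lines, the holiday calendar, the business-hours window and the internal address range are all constructed assumptions for the example.

```python
"""Flag successful logons that happen off-hours or from outside the
corporate network.  Added example; all inputs below are constructed."""
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample events: "<ISO timestamp> <user> <source IP> <logon type>"
# (loosely modelled on the fields of a Windows 4624 event; not real data).
SAMPLE_LOG = """\
2018-12-21T10:15:02 jsmith 10.0.4.21 10
2018-12-24T02:47:10 svc_backup 203.0.113.45 10
2018-12-24T23:58:41 admin.dc 203.0.113.45 3
2018-12-26T09:02:00 jsmith 10.0.4.21 10
"""

# Assumed site calendar, business window and internal ranges.
HOLIDAYS = {date(2018, 12, 24), date(2018, 12, 25)}
BUSINESS_HOURS = (time(7, 0), time(19, 0))
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
LOGON_TYPES = {3: "network", 10: "remote interactive"}


@dataclass(frozen=True)
class Logon:
    ts: datetime
    user: str
    src: str
    logon_type: int


def parse_log(text):
    """Parse the constructed log format into Logon records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, logon_type = line.split()
        events.append(Logon(datetime.fromisoformat(ts), user, src, int(logon_type)))
    return events


def off_hours_reasons(ts):
    """Return the reasons a timestamp counts as off-hours (empty if none)."""
    reasons = []
    if ts.date() in HOLIDAYS:
        reasons.append("holiday")
    if ts.weekday() >= 5:
        reasons.append("weekend")
    start, end = BUSINESS_HOURS
    if not (start <= ts.time() < end):
        reasons.append("outside business hours")
    return reasons


def is_internal(src):
    """True if the source address lies inside an assumed corporate range."""
    addr = ip_address(src)
    return any(addr in net for net in INTERNAL_NETS)


def find_suspicious_logons(text):
    """Return (user, timestamp, logon type, reasons) for every off-hours logon.

    An external source address is recorded as an extra reason; a logon that is
    external but inside business hours is not flagged by this rule alone.
    """
    findings = []
    for ev in parse_log(text):
        reasons = off_hours_reasons(ev.ts)
        if not reasons:
            continue
        if not is_internal(ev.src):
            reasons.append("external source")
        kind = LOGON_TYPES.get(ev.logon_type, f"type {ev.logon_type}")
        findings.append((ev.user, ev.ts.isoformat(), kind, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_logons(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the two Christmas Eve logons from the external address are reported and the two weekday daytime logons from the internal range are not. In a real deployment the timestamp, account, source address and logon type would come from the domain controllers' security logs rather than from a text file, and the holiday calendar from the organisation's own schedule.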

“During the incident, the attackers took control of the company’s data center domain, through which they managed to block all authorized access for a short time,” said the cybersecurity expert. “The security notice that the company sent to its clients mentions that Data Resolution shut down its network to stop the spread of the infection, in addition to being able to begin the process of removing the ransomware, restoring its systems and recovering its information.”

According to reports from some cybersecurity firms, the Ryuk ransomware is one of the main tools used by the hacking group known as Lazarus, an APT linked to the North Korean government. Ryuk reportedly shares several similarities with the Hermes malware used by that group.

A ransomware campaign allegedly linked to North Korea was recently discovered targeting organizations around the world. The campaign appears to be carefully planned: the attackers target specific companies and encrypt hundreds of PCs, storage units and data center systems in each infected organization.

Some reports even confirm that several companies made significant payments to recover their data, transferring between 15 and 50 Bitcoin. According to estimates by U.S. authorities, this campaign has earned the attackers up to $640,000 USD.