Cyber Incident Victim: Dataresolution.net

Date: Dec 2018

Location: United States of America

Summary

A cloud hosting provider suffered a Ryuk ransomware attack after attackers compromised a login account, seizing control of its data center domain and forcing a network shutdown to contain the infection. The incident disrupted critical client services including email, databases, and hosted accounting software, with restoration efforts extending over a week. The attackers demanded payment, but the firm opted to rebuild systems from backups without paying the ransom. While no data theft was confirmed, the intrusion was linked to a sophisticated threat actor group associated with similar high-impact attacks on media infrastructure. The event highlighted ransomware risks facing cloud service providers due to their concentration of client systems.

Description

On December 24, 2018, cloud hosting provider DataResolution.net suffered a ransomware attack that disrupted services for its approximately 30,000 business customers worldwide. Attackers compromised a login account on Christmas Eve and deployed Ryuk ransomware across the company’s systems, seizing control of Data Resolution’s data center domain and temporarily locking the company out of its own infrastructure. The intrusion forced Data Resolution to shut down its network to contain the malware’s spread, initiating a restoration process involving cleaning infected systems and rebuilding from backups. The attackers demanded payment in exchange for decryption keys, but the company stated no evidence indicated customer data theft occurred, characterizing the incident as purely financially motivated. Data Resolution’s recovery efforts faced significant challenges, with status updates on December 29, 2018, confirming ongoing work to restore email access, client databases, and Dynamics GP accounting/payroll hosting services critical to many organizations.

By January 2, 2019, over a week after the initial attack, Data Resolution remained engaged in service restoration while emphasizing its decision not to pay the ransom. The Ryuk malware used in the attack had previously been linked by security researchers to the North Korean Lazarus Group and was responsible for simultaneous disruptions at major U.S. newspapers like the Los Angeles Times. The incident highlighted risks facing cloud hosting providers, which centralize data for numerous clients and represent high-value targets despite marketing claims of enhanced security. Data Resolution’s reliance on backups rather than capitulating to ransom demands aligned with incident response best practices, though the prolonged outage underscored operational vulnerabilities in smaller providers compared to larger firms like Amazon or Google. Customers dependent on the company for payroll management and business continuity services experienced extended disruptions during the holiday period.
