CyrusOne

CyrusOne operates as a major United States-based data center and colocation provider, delivering critical infrastructure services to businesses requiring secure, reliable information technology environments. The company's core offerings include managed services and colocation space, allowing clients to house their own servers and networking equipment within CyrusOne's facilities while benefiting from controlled power, cooling, and physical security. Its customer base spans various sectors, with a notable presence serving organizations that have high uptime requirements, such as financial institutions, as evidenced by the impact on a financial brokerage firm during a significant security incident. The company maintains a physical footprint that includes key facilities, such as a major location in New York, which supports its position as a significant player in the domestic data center market. By providing the foundational infrastructure for other companies' IT operations, CyrusOne functions as an enabling utility within the digital economy, ensuring continuity for its clients' dependent services and applications.

A defining event in the company's recent history is the targeted ransomware attack it suffered on December 3, 2019, attributed to the REvil (Sodinokibi) ransomware family. This incident compromised the network managing services for six of its customers, primarily through its New York facility, leading to encrypted devices and operational disruptions for those affected organizations. Critically, the company's colocation services, where clients maintain direct control over their own equipment, remained unaffected, highlighting a technical and operational distinction between its managed service and colocation business lines. In its response, CyrusOne engaged external forensic investigators and law enforcement, confirming a deliberate intrusion though the initial attack vector was never publicly identified. The company had previously identified ransomware as a material business risk in regulatory filings, indicating a pre-existing awareness of this threat landscape. Internal sources indicated no intention to pay the demanded ransom, a stance consistent with many organizations' policies against financially motivated cyber extortion. This incident underscores the persistent threat of ransomware to managed service providers and the potential for cascading impacts across the client ecosystems they support.