Ransomware Attack Hit iNSYNQ Cloud Hosting Provider
iNSYNQ, a cloud computing provider, experienced a ransomware attack that forced the company to shut down some of its servers to keep the malware infection from spreading and affecting more customer data.
iNSYNQ is an authorized Microsoft, Intuit, and Sage host which provides customers with cloud-based virtual desktops designed to host business applications such as QuickBooks, Sage, Act & Office.
A status update published on the company’s support website said: “iNSYNQ experienced a ransomware attack on 7/16/19 perpetrated by unknown malicious attackers. The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible.”
“As soon as iNSYNQ discovered the attack, iNSYNQ took steps to contain it. This included turning off some servers in the iNSYNQ environment. This effort was made to protect our clients’ data and backups.”
According to a report by bleepingcomputer.com, the cloud hosting firm also says that it has hired cybersecurity experts to help restore access to affected customer data and to all clients’ virtual desktops, with “major traction” to be made “by early next week,” as stated in a letter sent to customers by iNSYNQ’s CEO.
In a letter, iNSYNQ’s CEO Elliot Luchansky also added: “Understandably, there have been many requests for backups. I want to be very clear that we are not withholding data or backups, we simply cannot safely access them at this time.
“We’re still doing everything in our power to ensure that the backups are available to you once we have addressed the underlying problem. Our entire team is working diligently to protect and restore access to your impacted data [..]”
Luchansky also answered some of the questions asked by iNSYNQ’s customers following the downtime caused by the ransomware attack, stating that:
Unfortunately, these kinds of things are inevitable. No system is 100% impervious to malware, and we collectively were victims of an attack perpetrated by unknown malicious actors. We wish we had a quick-fix or a way to fully eliminate these risks. If we did, then obviously this kind of event would never happen.
He also said that a timeline for when the customers’ environments will be back up is not yet available but the iNSYNQ team is accelerating the process of restoring the clients’ data and getting all systems online.
[Image: Letter from iNSYNQ’s CEO]
“We turned off servers as soon as we identified that we were being attacked, and are currently working very closely with industry-leading experts that specialize in working through events like this, so that we are able to restore the access as quickly as we possibly can,” added Luchansky.
“We contained the situation as soon as we became aware of it. There is no evidence to suggest that any of your files have been copied from the iNSYNQ environment. The issue at hand centers on being able to access your files that have been encrypted; it is not a matter of your data being stolen or copied,” iNSYNQ’s CEO also said.
While the letter sent by the CEO to the company’s customers after the security incident provides some extra info on what happened, there is no mention of the ransomware attack that hit iNSYNQ on Luchansky’s Twitter account or on the iNSYNQ account, which is no longer accessible (a Google-cached version of the account’s contents is available).
A customer who got in touch with the iNSYNQ team says that the clients’ data backups were stored on a separate server but on the same network affected by the cyber-attack.
The company also believes that all the customer data will be recovered and restored, but it will take some time until all the backups are checked to make sure that the malware did not affect them in any way.
BleepingComputer has reached out to iNSYNQ for comment but had not heard back at the time of this publication. This article will be updated when a response is received.
Update: iNSYNQ’s CEO sent us the following statement:
While I cannot share details on the specific ransomware or the number of servers affected, I can share that iNSYNQ and our customers are the victims of a malware attack that’s a totally new variant and hadn’t been detected before, confirmed by the experienced and knowledgeable cybersecurity team we’ve employed.
Unfortunately we have to keep the detail fairly minimal, as I’m sure you’re familiar with in these sorts of situations. Our customers and their data is our number one priority. Transparency is something we pride ourselves on, and it’s difficult to hold back. However, the lack of detailed information in this situation is purposeful. We’re in a behind the scenes trench warfare doing everything we possibly can to secure and restore our systems and customer data and backups, and too much information around this situation puts us and our customers at risk.
My team will continue to work around the clock to secure and restore access to all impacted data, and we believe we have an end in sight in the near future.