Sunday, 21 July 2019

iNSYNQ Cloud Hosting Provider Hit by Ransomware Attack

Cloud computing provider iNSYNQ experienced a ransomware attack that forced the company to shut down some of its servers to keep the malware infection from spreading and affecting more customer data.
iNSYNQ is an authorized Microsoft, Intuit, and Sage host that provides customers with cloud-based virtual desktops designed to host business applications such as QuickBooks, Sage, Act & Office.
"iNSYNQ experienced a ransomware attack on 7/16/19 perpetrated by unknown malicious attackers. The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible," says a status update published on the company's support website.
"As soon as iNSYNQ discovered the attack, iNSYNQ took steps to contain it. This included turning off some servers in the iNSYNQ environment. This effort was made to protect our clients' data and backups."
The cloud hosting firm also says that it has hired cybersecurity experts to help restore access to affected customer data and to all clients' virtual desktops, with "major traction" to be made "by early next week" according to a letter sent to customers by iNSYNQ's CEO.
As iNSYNQ's CEO Elliot Luchansky also added in his letter, "Understandably, there have been many requests for backups. I want to be very clear that we are not withholding data or backups, we simply cannot safely access them at this time.
"We're still doing everything in our power to ensure that the backups are available to you once we have addressed the underlying problem. Our entire team is working diligently to protect and restore access to your impacted data [..]"
Luchansky also answered some of the questions asked by iNSYNQ's customers following the downtime caused by the ransomware attack, stating that:
"Unfortunately, these kinds of things are inevitable. No system is 100% impervious to malware, and we collectively were victims of an attack perpetrated by unknown malicious actors. We wish we had a quick-fix or a way to fully eliminate these risks. If we did, then obviously this kind of event would never happen."
He also said that a timeline for when the customers' environments will be back up is not yet available, but the iNSYNQ team is accelerating the process of restoring the clients' data and getting all systems online.
Letter from iNSYNQ's CEO (h/t TC)
"We turned off servers as soon as we identified that we were being attacked, and are currently working very closely with industry-leading experts that specialize in working through events like this, so that we are able to restore the access as quickly as we possibly can," added Luchansky.
"We contained the situation as soon as we became aware of it. There is no evidence to suggest that any of your files have been copied from the iNSYNQ environment. The issue at hand centers on being able to access your files that have been encrypted; it is not a matter of your data being stolen or copied," iNSYNQ's CEO also said.
While the letter sent by the CEO to the company's customers after the security incident provides some extra info on what happened, there is no mention of the ransomware attack that hit iNSYNQ on Luchansky's Twitter account or on the iNSYNQ account, which is no longer accessible (a Google-cached version of the account's contents can be found here).
A customer who got in touch with the iNSYNQ team says that the clients' data backups were stored on a separate server but on the same network affected by the cyber-attack. 
The company also believes that all the customer data will be recovered and restored, but it will take some time until all the backups are checked to make sure that the malware did not affect them in any way.