There is no evidence that customer data was accessed during this month's ransomware attack against cloud services provider (CSP) Insynq, the company said. In addition, thousands of Insynq desktops affected by the ransomware attack are up and running once again.
Still, Insynq concedes that some files may not be recovered from the July 16 attack. The CSP began to restore affected customer accounts the week of July 22 and wants to ensure all affected desktops are "safely restored and available to access," the firm stated in a July 29 update.
Insynq provides mission-critical services to MSPs and certified public accountant (CPA) firms, and its MSP partners include ECi Software Solutions and DataNet Pacific. The company's offerings include desktop-as-a-service (DaaS) and hosted accounting applications.
Insynq Ransomware Recovery Statement: Update
As of July 29, 2019 at 1:50 p.m. PDT, Insynq says:
- Nearly all Insynq customers now have access to their Insynq desktops, though customers and partners may need to call the CSP to get the desktops up and running.
- While the CSP caught the attack early, the malware was able to encrypt some files. As a result, the company says: "We’re currently working to determine if they are recoverable. You might see encrypted files on your desktop with .megacortex as an extension - they are not available to access. If you need access to those files immediately please check your local backups or contact support."
- For the next 30 days, partners and customers should backup files to their local hard drive, the company recommends.
- Insynq says an investigation by cybersecurity experts uncovered no evidence that customer data had been accessed.
How to Guard Against Ransomware Attacks
Ransomware attacks are increasing globally, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) indicated. Furthermore, CISA offers the following recommendations to help organizations guard against ransomware attacks:
- Update software and operating systems with the latest patches.
- Avoid clicking on links or open attachments in unsolicited emails.
- Back up data regularly.
- Restrict users' permissions to install and run software applications.
- Use application whitelisting to allow only approved programs to run on a network.
- Leverage spam filters to prevent phishing emails from reaching end users and authenticate inbound email to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
- Configure firewalls to block access to known malicious IP addresses.
MSSPs can provide endpoint detection and response (EDR), security information and event management (SIEM) and other managed security services to help organizations identify and address ransomware attacks. They also can offer tips and recommendations to help organizations combat ransomware and other sophisticated cyber threats.
And if ransomware does hit, end-customers and service providers need to activate carefully planned backup and disaster recovery (BDR) systems that contain clean, uninfected versions of data.
Additional insights from Joe Panettieri.