Ransomware attacks against cloud services are increasing

A severe ransomware attack has hit the systems of iNSYNQ, a U.S.-based cloud hosting service provider; according to system audit specialists, one of the services most affected by this incident is QuickBooks, a cloud-based platform that provides accounting software and services.

The incident occurred sometime on June 16,
though that’s all the information that iNSYNQ executives revealed at the time.

The company released an update on the incident
until the week after the attack, mentioning that: “iNSYNQ was the victim
of a ransomware
attack perpetrated by unidentified threat actors. The incident had a serious
impact on the systems where the data of some of our customers is stored, so at
the moment it is impossible for us to access this information.”

“After detecting the infection our system
audit team began an incident containment protocol, which involved disabling
some of the servers in our ecosystem. This procedure aims to protect our
customers’ data and information backups,” the company’s statement says.

On the other hand, Elliot Luchansky, the CEO of
the company, reported through his social media profiles that the threat actors
who perpetrated the attack employed a ransomware variant known as MegaCortex, a
new development that has been present in multiple attacks in recent months.  

Over the past few months various cybersecurity
firms and system audit experts have been analyzing the recorded MegaCortex
attacks, finding some similarities in each incident. One behavior detected by
experts is that attackers start asking for ransoms of between 2 and 3 Bitcoin,
the ransom could rise to 600 BTC if the victims ignores the hackers’ demand.
“If you don’t have the money, don’t even waste your time writing to us; we
don’t work for charity”, concludes the ransom note sent by the attackers.

The latest updates on the incident state that
iNSYNQ decided not to pay the hackers and begin its recovery process using
security backups. Similarly, specialists from the International Institute of Cyber
Security (IICS) recommend that companies that are victims of this variant of
malware use their backups and, if possible, discard the option to pay the
ransom, as this only benefits the hackers, providing them with resources to
keep up with their illicit activities, and there is no guarantee that hackers
will honor their part of the deal.   

(Visited 5 1 times)

Comments are closed.