Cyber SecurityVideo

QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.

A message from iNSYNQ to customers.

Gig Harbor, Wash.-based iNSYNQ specializes in providing cloud-based QuickBooks accounting software and services. In a statement posted to its status page, iNSYNQ said it experienced a ransomware attack on July 16, and took its network offline in a bid to contain the spread of the malware.

“The attack impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible,” the company said. “As soon as iNSYNQ discovered the attack, iNSYNQ took steps to contain it. This included turning off some servers in the iNSYNQ environment.”

iNSYNQ said it has engaged outside cybersecurity assistance and to determine whether any customer data was accessed without authorization, but that so far it has no estimate for when those files might be available again to customers.

Meanwhile, iNSYNQ’s customers — many of them accountants who manage financial data for a number of their own clients — have taken to Twitter to vent their frustration over a lack of updates since that initial message to users.

In response, the company appears to have simply deleted or deactivated its Twitter account (a cached copy from June 2019 is available here). Several customers venting about the outage on Twitter also accused the company of unpublishing negative comments about the incident from its Facebook page.

Some of those customers also said iNSYNQ initially blamed the outage on an alleged problem with U.S.-based nationwide cable ISP giant Comcast. Meanwhile, competing cloud hosting providers have been piling on to the tweetstorms about the iNSYNQ outage by marketing their own services, claiming they would never subject their customers to a three-day outage.

iNSYNQ has not yet responded to requests for comment.

Update, 4:35 p.m. ET: I just heard from iNSYNQ’s CEO Elliot Luchansky, who shared the following:

While we have continually updated our website and have emailed customers once if not twice daily during this malware attack, I acknowledge we’ve had to keep the detail fairly minimal.

Unfortunately, and as I’m sure you’re familiar with, the lack of detailed information we’ve shared has been purposeful and in an effort to protect our customers and their data- we’re in a behind the scenes trench warfare doing everything we possibly can to secure and restore our system and customer data and backups. I understand why our customers are frustrated, and we want more than anything to share every piece of information that we have.

Our customers and their businesses are our number one priority right now. Our team is working around the clock to secure and restore access to all impacted data, and we believe we have an end in sight in the near future.

You know as well as we that no one is 100% impervious to this – businesses large and small, governments and individuals are susceptible. iNSYNQ and our customers were the victims of a malware attack that’s a totally new variant that hadn’t been detected before, confirmed by the experienced and knowledgeable cybersecurity team we’ve employed.

Original story: There is no question that a ransomware infestation at any business — let alone a cloud data provider — can quickly turn into an all-hands-on-deck, hair-on-fire emergency that diverts all attention to fixing the problem as soon as possible.

But that is no excuse for leaving customers in the dark, and for not providing frequent and transparent updates about what the victim organization is doing to remediate the matter. Particularly when the cloud provider in question posts constantly to its blog about how companies can minimize their risk from such incidents by trusting it with their data.

Ransomware victims perhaps in the toughest spot include those providing cloud data hosting and software-as-service offerings, as these businesses are completely unable to serve their customers while a ransomware infestation is active.

The FBI and multiple security firms have advised victims not to pay any ransom demands, as doing so just encourages the attackers and in any case may not result in actually regaining access to encrypted files.

In practice, however, many cybersecurity consulting firms are quietly urging their customers that paying up is the fastest route back to business-as-usual. It’s not hard to see why: Having customer data ransomed or stolen can send many customers scrambling to find new providers. As a result, the temptation to simply pay up may become stronger with each passing day.

That’s exactly what happened in February, when cloud payroll data provider Apex Human Capital Management was knocked offline for three days following a ransomware infestation.

On Christmas Eve 2018, cloud hosting provider Dataresolution.net took its systems offline in response to a ransomware outbreak on its internal networks. The company was adamant that it would not pay the ransom demand, but it ended up taking several weeks for customers to fully regain access to their data.

KrebsOnSecurity will endeavor to update this story as more details become available. Any iNSYNQ affected by the outage is welcome to contact this author via Twitter (my direct messages are open to all) or at krebsonsecurity @ gmail.com.


Tags:

You can skip to the end and leave a comment. Pinging is currently not allowed.

One thought on “QuickBooks Cloud Hosting Firm iNSYNQ Hit in Ransomware Attack

  • Matching Algorithms: Find your ideal match with dating apps that make use of sophisticated formulas tailored to your passions, preferences, and worths. This Chinese dating app has actually all you need-a whole lot of messaging devices (e-mail, live chat, video clip and voice messages), a great deal of actual and virtual presents you can send to international ladies, a really broad selection of search tools that permit you to find a female according to your personal preferences, and so on. That’s not all-advanced matching algorithms help users discover their perfect suits, an Android app functions perfectly, and this web site is certainly among the very best Chinese dating sites worldwide. The mobile variation of this web site functions great, too-it’s precisely as quick as the PC variation. There are numerous countless ladies in their 30s (and more youthful customers in their 20s) below, the enrollment is very fast on China Love Cupid, and the Android application functions just great. You can use and surf accounts search filters for free after the registration, but if you desire to obtain accessibility to more functions, you’ll require to buy credits-that’s just how it always collaborates with global dating platforms and AsianMelodies is not an exception. However, it’s not free-like all the dating websites in China, AsiaMe does not permit the users to send out messages or to communicate with other members absolutely free.

    If you’re mosting likely to send out messages to ladies on this online dating system, you’ll require to purchase credit histories first-you can acquire 20 credit histories for only $2.99 and it’s the very best option for those that intend to attempt this dating site without investing as well much. If you intend to send videos or pictures, it’s possible with EasternHoneys, too-but remember that chat video clips are quite expensive right here (you’ll need to pay 50 debts to check out one). Generally, when you mention an Eastern girl, a great deal of many asiame review features and faces would involve the mind. The factor is, you’ll obtain 2 conversation vouchers right after the enrollment free of cost which means you’ll be able to evaluate mostly all the premium includes offered by this system for complimentary! We have to break without standard standards and prioritize genuine connections that line up with our ambitions and values. Incidentally, you can likewise get some credit histories for free-after the registration, all the brand-new individuals obtain 20 totally free credit histories (you’ll obtain 10 more if you validate your email address). You will have to acquire credit reports first-2 credit ratings cost $10, but you can buy 2 credits for only $3.99 (it’s a special deal for the brand-new users of this platform).

    Bear in head, you will find some versions in the means you is heading regarding teasing with Western ladies, versus Asian women. This website is very prominent amongst both Western males and Asian women-CuteAsianWoman is not a Chinese-only dating system, you can fulfill a great deal of ladies from Japan, Korea, Vietnam, Thailand, and other nations below. You’ll find thousands of thousands of females from Japan, Korea, China, Vietnam, Thailand, and other Asian nations on DateAsianWoman-but this is not the only factor why this platform made it to the top checklist of dating apps. This app is not only about women from China-there are 10s of countless girls from Japan, Korea, Vietnam, the Philippines, and other nations below. There are many sites created for foreigners to meet young Thai males and females for dating or whatever they are interested in. Dating Thai Women: An Error Or A Smart Decision? If you have a prismatic sight, you’ll locate that an Indian woman would certainly differ in the desires, tastes and desires from her Japanese or Thai equivalent. Unlike other dating websites and apps on this checklist that have a credit system, this has a month-to-month continuous membership pledge-here, you need to spend for a monthly costs subscription.

    While the ThaiFriendly app is totally free to utilize there is the choice to acquire a regular monthly subscription “ThaiFriendly Premium” within the app. The male participants require to get credit histories to utilize all these features and services-a “complimentary membership” only consists of enrollment, uploading of an image, and developing an account (obviously, complimentary individuals can also make use of all the search tools on CuteAsianWoman). However, you won’t need to purchase a paid subscription here-you’ll just need to get some credit histories to send messages, make use of a video clip chat, and send out gifts. You’ll have to purchase credit histories to talk with girls, to send them gifts, and to have a video call-but the excellent news is that you do not require to pay today. Another advantage about Platinum/VIP condition is that such members can obtain their messages equated by the team of specialists-that’s what you require to conquer the language barrier problem which’s the feature nothing else dating apps on this checklist have.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *