Ransomware attacks against cloud services increase; iNSYNQ is the most recent victim

A severe ransomware attack has hit the systems of iNSYNQ, a U.S.-based cloud hosting service provider; according to system audit specialists, one of the services most affected by this incident is QuickBooks, a cloud-based platform that provides accounting software and services.

The incident occurred sometime on June 16, though that’s all the information that iNSYNQ executives revealed at the time.

The company did not release an update on the incident until the week after the attack, stating: “iNSYNQ was the victim of a ransomware attack perpetrated by unidentified threat actors. The incident had a serious impact on the systems where the data of some of our customers is stored, so at the moment it is impossible for us to access this information.”

“After detecting the infection our system audit team began an incident containment protocol, which involved disabling some of the servers in our ecosystem. This procedure aims to protect our customers’ data and information backups,” the company’s statement says.

Separately, Elliot Luchansky, the CEO of the company, reported through his social media profiles that the threat actors who perpetrated the attack employed a ransomware variant known as MegaCortex, a new development that has been present in multiple attacks in recent months.

Over the past few months, various cybersecurity firms and system audit experts have been analyzing the recorded MegaCortex attacks, finding some similarities in each incident. One behavior detected by experts is that attackers start by asking for ransoms of between 2 and 3 Bitcoin; the ransom could rise to 600 BTC if the victim ignores the hackers’ demand. “If you don’t have the money, don’t even waste your time writing to us; we don’t work for charity,” concludes the ransom note sent by the attackers.

The latest updates on the incident state that iNSYNQ decided not to pay the hackers and to begin its recovery process using security backups. Similarly, specialists from the International Institute of Cyber Security (IICS) recommend that companies that are victims of this variant of malware use their backups and, if possible, rule out paying the ransom. Paying only benefits the hackers, providing them with resources to keep up their illicit activities, and there is no guarantee that the hackers will honor their part of the deal.