Ransomware Strikes HARD
Cloud-based virtual desktop provider iNSYNQ has recently had to deal with a week-long outage. This major outage was the result of its servers being hit by ransomware. iNSYNQ’s direct customers were not the only ones affected by the outage; so were companies that use its infrastructure for accounting services and web-based apps. As with the majority of attacks, the company has an unstated obligation to inform the public and consumers of what happened. Transparency is important for customer loyalty. Users on social networks and web hosting reviewers have been slamming iNSYNQ for the past week. There was a failure to update people, and the resolution was taking unusually long. During typical web hosting outages, downtime lasts only a couple of hours. Outages only rarely surpass that and go on for more than a day.
In iNSYNQ’s situation, its servers were frozen by ransomware. Ransomware is a cyberattack that requires time-consuming steps for recovery. For web hosting businesses that are constantly running and active, these recovery steps are incompatible with normal operation. Because of the infection, iNSYNQ had to shut down its infrastructure to stop the ransomware from infecting more of its systems. The recovery process meant that hundreds and thousands of servers had to be reinstalled. Restoring backups was the next step, if files could be found. These recovery operations were immensely time-consuming, taking roughly six days to accomplish. Since iNSYNQ failed to publicly announce updates on its outage situation, the week of downtime negatively impacted its public image and customer relations.
Eventually, after iNSYNQ resolved its ransomware situation, its CEO Elliot Luchansky revealed the name of the ransomware that wreaked havoc on his company and its engineers. MegaCortex is a relatively new ransomware that was first spotted back in May of 2019. In early May, Sophos reported that the gang behind the ransomware was targeting large corporations rather than home users. iNSYNQ is currently the largest victim of MegaCortex, and the incident confirms that the criminals behind the ransomware are not amateurs.
Though recovery efforts have taken about a week, Luchansky stated that iNSYNQ has only just recently started allowing customers access to their virtual desktops again. Things are not completely back to normal for the virtual desktop provider. Some customers are still unable to access some account backups and personal files. Even though the company caught the attack fairly early, the malware was still able to encrypt files, making them difficult to recover. The CEO is encouraging the already aggravated customers to be patient, as the data may take some time to reappear in their accounts. It is estimated that iNSYNQ’s staff will need several more days to restore the remainder of the user accounts. For those with encrypted files, the company is telling users to use an older backup to restore files.
Ransomware events that affect web hosting firms are proving to be extremely difficult to manage, and are often problematic and time-consuming. It makes sense that the largest ransom payment made in a ransomware attack was tied to a web hosting business. Web hosting firm Internet Nayana of South Korea dished out 1.3 billion won worth of bitcoin, around $1.14 million, to get access back to its servers and backups. Another ransomware incident occurred in May, when A2 Hosting also took about a week to allow users access to their servers again. That operation took roughly a month to complete.