A major MSP (managed IT services provider) headquartered in California suffered a ransomware attack on or about December 23, and paid the ransom in a bid to restore operations as quickly as possible, according to a report.
The MSP, Synoptek, suffered a Sodinokibi ransomware attack, KrebsOnSecurity reports. Sources also alerted MSSP Alert and ChannelE2E about the alleged attack on December 26.
Multiple vendor research reports suggest Sodinokibi (also tracked as REvil) was developed by the same group behind the prolific GandCrab ransomware, Cybereason says.
The only official statement about any kind of Synoptek incident came on the evening of Friday, December 27, from the company's Twitter page, which said that on Dec. 23 the company experienced a “credential compromise which has been contained,” and that Synoptek “took immediate action and have been working diligently with customers to remediate the situation,” KrebsOnSecurity notes.
A Synoptek customer briefed on the attack who asked to remain anonymous said that once inside Synoptek’s systems, the intruders used a remote management tool to install the ransomware on client systems, the report says.
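The attack path described above, a compromised MSP account pushing a payload through the RMM tool to many client endpoints at once, leaves a distinctive fan-out pattern in the RMM's own audit trail. The following is an added example, not code from the article, from Synoptek or from any RMM vendor: it runs a simple mass-deployment rule over a constructed audit log (the comma-separated field layout, operator names, tenants and file names are all invented for illustration) and flags any operator that delivers the same artifact to many endpoints across more than one client tenant inside a short window.

```python
"""
Flag a remote management (RMM) account that pushes the same artifact to many
endpoints across several client tenants within a short time window.

Added example for illustration only. The log layout below is constructed;
real RMM audit exports use their own field names and formats.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample audit log: timestamp,operator,tenant,endpoint,action,artifact
SAMPLE_LOG = """\
2019-12-23T02:10:05Z,tech.alice,acme,ACME-WS-01,RUN_SCRIPT,patch_check.ps1
2019-12-23T02:15:22Z,tech.alice,acme,ACME-WS-02,RUN_SCRIPT,patch_check.ps1
2019-12-23T02:40:00Z,tech.bob,globex,GLX-SRV-01,PUSH_FILE,agent_upgrade.msi
2019-12-23T02:59:40Z,svc.deploy,acme,ACME-WS-01,LOGIN,-
2019-12-23T03:01:10Z,svc.deploy,acme,ACME-WS-01,PUSH_FILE,svchost_update.exe
2019-12-23T03:01:12Z,svc.deploy,acme,ACME-WS-02,PUSH_FILE,svchost_update.exe
2019-12-23T03:01:15Z,svc.deploy,acme,ACME-SRV-01,PUSH_FILE,svchost_update.exe
2019-12-23T03:01:20Z,svc.deploy,globex,GLX-WS-07,PUSH_FILE,svchost_update.exe
2019-12-23T03:01:23Z,svc.deploy,globex,GLX-SRV-01,PUSH_FILE,svchost_update.exe
2019-12-23T03:01:30Z,svc.deploy,initech,INI-WS-03,PUSH_FILE,svchost_update.exe
2019-12-23T03:01:31Z,svc.deploy,initech,INI-WS-04,PUSH_FILE,svchost_update.exe
2019-12-23T03:02:02Z,svc.deploy,acme,ACME-WS-01,RUN_SCRIPT,svchost_update.exe
2019-12-23T09:30:00Z,tech.alice,acme,ACME-WS-03,RUN_SCRIPT,patch_check.ps1
"""

# Actions that deliver or execute something on a managed endpoint.
DEPLOY_ACTIONS = {"PUSH_FILE", "RUN_SCRIPT"}


def parse_log(text):
    """Parse the constructed CSV layout into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, operator, tenant, endpoint, action, artifact = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "operator": operator,
            "tenant": tenant,
            "endpoint": endpoint,
            "action": action,
            "artifact": artifact,
        })
    return events


def find_mass_deployments(events, window=timedelta(minutes=10),
                          min_endpoints=5, min_tenants=2):
    """Return one alert per (operator, artifact) whose deployments reach
    at least `min_endpoints` distinct endpoints in at least `min_tenants`
    distinct tenants inside any `window`-long span."""
    by_key = defaultdict(list)
    for ev in events:
        if ev["action"] in DEPLOY_ACTIONS:
            by_key[(ev["operator"], ev["artifact"])].append(ev)

    alerts = []
    for (operator, artifact), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        best = None
        start = 0
        # Sliding window over the time-ordered events for this operator/artifact.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            endpoints = {(e["tenant"], e["endpoint"]) for e in span}
            tenants = sorted({e["tenant"] for e in span})
            if len(endpoints) >= min_endpoints and len(tenants) >= min_tenants:
                if best is None or len(endpoints) > best["endpoints"]:
                    best = {
                        "operator": operator,
                        "artifact": artifact,
                        "first_seen": span[0]["ts"].isoformat(),
                        "endpoints": len(endpoints),
                        "tenants": tenants,
                    }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in find_mass_deployments(parse_log(SAMPLE_LOG)):
        print(f"ALERT {alert['operator']} pushed {alert['artifact']} to "
              f"{alert['endpoints']} endpoints in {len(alert['tenants'])} tenants "
              f"starting {alert['first_seen']}")
```

On the constructed log the rule fires once, for `svc.deploy` delivering `svchost_update.exe` to seven endpoints in three tenants within a minute, and stays quiet for the technician patching two machines of a single client. Legitimate MSP work also fans out across tenants, so in practice the thresholds need baselining against approved change windows and known deployment accounts; the point of the rule is that a deployment account reaching into several customers at once, outside such a window, is worth a human's attention before the payload finishes running.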
MSSP Alert has not independently confirmed that the attack occurred. We’ve reached out to the company for comment and will update this article if new details surface.
Although MSPs and their software providers have generally raised their defenses in 2019, attacks have continued, and some corners of the MSP industry now face a “crisis of credibility,” ChannelE2E and MSSP Alert believe.
Even so, more signs of progress are emerging. Thousands of MSPs are activating two-factor authentication (2FA) as a means to stop hackers from entering systems. In many cases, software providers are activating 2FA as a default setting. And increasingly, the 2FA setting is mandatory.
Still, 2FA is not a cure-all for ransomware. It hardens the login, not what an already-authenticated account or a stolen session can do afterwards; an intruder who reaches a remote management console with working access can push files and scripts to every managed endpoint exactly as a technician would.
MSPs Fighting Ransomware: Basic First Steps
To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:
Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.