Insynq Ransomware Attack Recovery: Progress Report

There is no evidence that customer data was accessed during this month’s ransomware attack against cloud services provider (CSP) Insynq, the company said. In addition, thousands of Insynq desktops affected by the ransomware attack are up and running once again.

Still, Insynq concedes that some files may not be recovered from the July 16 attack. The CSP began to restore affected customer accounts the week of July 22 and wants to ensure all affected desktops are “safely restored and available to access,” the firm stated in a July 29 update.

Insynq provides mission-critical services to MSPs and certified public accountant (CPA) firms, and its MSP partners include ECi Software Solutions and DataNet Pacific. The company’s offerings include desktop-as-a-service (DaaS) and hosted accounting applications.

Insynq Ransomware Recovery Statement: Update

As of July 29, 2019 at 1:50 p.m. PDT, Insynq says:

  • Nearly all Insynq customers now have access to their Insynq desktops, though customers and partners may need to call the CSP to get the desktops up and running.
  • While the CSP caught the attack early, the malware was able to encrypt some files. As a result, the company says: “We’re currently working to determine if they are recoverable. You might see encrypted files on your desktop with .megacortex as an extension – they are not available to access. If you need access to those files immediately please check your local backups or contact support.”
  • For the next 30 days, partners and customers should back up files to their local hard drive, the company recommends.
  • Insynq says an investigation by cybersecurity experts uncovered no evidence that customer data had been accessed.

How to Guard Against Ransomware Attacks

Ransomware attacks are increasing globally, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) indicated. CISA offers the following recommendations to help organizations guard against ransomware attacks:

  • Update software and operating systems with the latest patches.
  • Avoid clicking on links or opening attachments in unsolicited emails.
  • Back up data regularly.
  • Restrict users’ permissions to install and run software applications.
  • Use application whitelisting to allow only approved programs to run on a network.
  • Leverage spam filters to prevent phishing emails from reaching end users and authenticate inbound email to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.

MSSPs can provide endpoint detection and response (EDR), security information and event management (SIEM) and other managed security services to help organizations identify and address ransomware attacks. They also can offer tips and recommendations to help organizations combat ransomware and other sophisticated cyber threats.

And if ransomware does hit, end-customers and service providers need to activate carefully planned backup and disaster recovery (BDR) systems that contain clean, uninfected versions of data.

Additional insights from Joe Panettieri.




    Anne Mobley:

    Very very upset that I cannot get into my QuickBooks pro business accounts with Insynq. Several days have passed and emails go unanswered. My businesses are paralyzed. Cannot do invoicing, payroll etc. Insynq advised we would be up and running first of this week and we are nearing the end of the week. Have my files been lost? I was under the assumption that this was going to be a very safe way to store my business accounts. Very disappointed.

    Joe Panettieri:

    Hi Anne: We’ll continue to update this story as more details surface. Overall it sounds like Insynq has restored the vast majority of files, though we realize any file loss is a serious potential issue for partners and customers.

    clarise Lyon:

    I have my QuickBooks now and thank Insynq for doing all the work to get everyone up and running. All is good and I can access the data, have updated on my desktop. I’m not jumping on the bandwagon to leave Insynq. Anyone can be attacked, I don’t care what other companies are saying. There is a tsunami of attacks on the way–it is just as important that we download our QB or other accounts to our private servers to use in the event that this happens again. I’m just thankful that the attackers didn’t get confidential information.
