Cloud Hosting Provider iNSYNQ Affected by Ransomware – Still Struggles After Day Four!

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

iNSYNQ is going through a rough weekend, as they are still fighting to get their customers' files back following a catastrophic ransomware attack that occurred on July 16. The cloud hosting services provider has decided to publicize information about the incident with the pipette, making the situation even worse for those who are looking for some details about what happened and when they’ll be able to access their data again. Customers of iNSYNQ received the following message about the status of the system:

iNSYNQ_message

image source: krebsonsecurity.com

So, it was made clear that the attack impacted the data of iNSYNQ’s clients, and that the ransomware infection is still ongoing and needs to be contained. Whether or not the clients’ data is recoverable (backed up), and approximately when a restoring operation could be concluded are valid questions that were annoyingly left unanswered. For now, iNSYNQ relies on the help of a third-party cybersecurity expert who is occupied with determining whether the attackers accessed the customer data or not. So far, and according to the circulated notice, it looks like they haven’t.

In general, customers complain about how iNSYNQ handled the community’s need for clarifications or even the very incident initially. In fact, the cloud services company actually blamed the Comcast ISP when the first signs of trouble took hold. Moreover, any negative or criticizing comments published on the company’s Facebook or Twitter pages are getting straight out deleted. This certainly leaves a sour taste in the mouth of the community, as the clients would expect a certain level of transparency from this cloud service provider.

One of the companies that rely on iNSYNQ’s cloud services infrastructure is QuickBooks, the widely used accounting software platform. The status page of Quickbooks shows that the desktop app is undermined by a minor outage on the “bank feeds”, and the inability to download American Express web-connect files. The latter is attributed to a maintenance session that is carried out by AMEX, so it seems that the date (July 16) and the fact that it’s still ongoing is a coincidence. The rest of the modules are operational, so QuickBooks is obviously not solely relying on iNSYNQ.

It may take iNSYNQ a couple of weeks to restore backups, or they may pay the ransom and get back to business sooner. However, the damage to the company’s image will most likely suffer in the long-term.

Statement from iNSYNQ: Our customers now have access to their desktops, files, and applications after the recent malware attack. While we continue to work with law enforcement and cyber security expert, Crowdstrike, and don’t have a full report yet, we are able to share that this attack started in early June when a sophisticated malicious actor penetrated iNSYNQ servers and sat dormant until July 16th, when they remotely triggered a highly-targeted, carefully planned ransomware attack on one of our primary data centers, impacting a significant segment of our customer base. This planned, targeted attack was conducted by a cyber malicious actor that, according to the multiple experts we’ve been in touch with, used a previously unseen variant of the virus known as MegaCortex.

There is currently no evidence indicating that our customers’ data was exfiltrated (i.e., taken) or accessed as a result of this incident.

Have something to say about the story above? Let us know of your opinion in the comments section down below, or on our socials, via Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: