Last month, cloud hosting provider iNSYNQ was hit by a ransomware attack that targeted the critical data of thousands of business owners. The infection hit accounting firms particularly hard, causing many CPAs to lose access to their QuickBooks databases.
How did the iNSYNQ ransomware attack happen?
The same way that most ransomware infections strike: through targeted email phishing that manipulates real human employees. Hackers may try to trick a computer user into clicking on an illicit link, downloading an infected attachment, or sharing private passwords and account numbers. No matter what, the hacker’s goal is the same: gaining access to protected networks or devices, encrypting the data stored on them, then demanding a ransom to decrypt that data and deliver it back to the affected company.
Was the security vulnerability fixed?
Yes—but only 10 days after the initial intrusion, which security experts believe may have occurred weeks before the data was actually encrypted. During that time, proactive security detection and response tools could have identified and repelled the attack—before anyone’s information was impacted.
Not taking those precautions was a major stumble by iNSYNQ, which was bombarded by requests for more information about the attack but suppressed much of it. Company officials waited two full days to notify frustrated clients that the breach had even happened, ending the short announcement with the line, “This is the only information we currently know.”
That’s why CMIT Solutions proactively protects our clients and their entire technology ecosystem. We don’t wait around for system failure or data loss to happen. We don’t scramble to address problems after they impact normal business operations. And we certainly don’t let our clients suffer for 10 days without access to important information.
What are the key takeaways from last month’s ransomware attack?
1. Updated, off-site data backups are a must.
Most companies backup their critical information, and iNSYNQ was no different. Unfortunately, the most recent versions of those data backups were stored onsite and connected to the main network—not stored in a remote, off-site location. That means they were infected right along with all the other data. The only way to completely recover from a ransomware attack is to have a current, conveniently accessible version of your data stored separately from any infected network so the hackers’ request for a ransom can be rebuffed.
2. A detailed disaster recovery plan can get you back online quickly.
The iNSYNQ attack plagued businesses for a minimum of 10 days, with some suffering for much longer. In December 2018, when Datasolutions.net was hacked, some financial systems took weeks to fully recovery. Whether a disaster is weather-related or human-instigated, a well-planned and easily executable recovery plan to combat data loss is critical. In many cases, it can mean the difference between recovering in the wake of a catastrophe—or shutting down completely after weeks of irreparable business damage.
3. Proactive security solutions can stop infections before they happen.
Real data protection starts with multiple layers of network security: intrusion detection, incident reporting, event management, and real-time operations. That’s the kind of approach that makes a difference in today’s complicated cybersecurity world, with new strains of ransomware and different hacking tactics popping up every week.
4. Staff training is essential.
The phishing scheme that struck iNSYNQ required human intervention at every step of the process, from email inbox to initial intrusion to data loss. Updated and ongoing cybersecurity education for your employees can provide the basic knowledge necessary to transform staff members into a first line of defense. Empowered employees can spot common hacking schemes, identifying spam messages and helping automated IT defenses better respond to changing attacks.
At CMIT Solutions, we proactively protect our clients’ data, constructing robust layers of protection around every part of a company’s technology infrastructure. We constantly refine our cybersecurity approach to match the evolving IT landscape, and we work 24/7 to analyze, identify, and solve security problems—before they affect our clients.
Want to protect your business against ransomware with a smart, affordable IT strategy? Want to invest in cybersecurity now so you can avoid spending thousands of dollars on tech security after a data breach strikes your company? Contact CMIT Solutions today. We worry about IT so you don’t have to.