Posts

We just finished writing about an IT provider of managed services in Colorado who was hacked, and in turn all or most of their customers were hacked as well.

Well, it’s another day and this time the story comes from California.

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible.

Irvine, Calif.-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. The company has nearly a thousand employees and brought in more than $100 million in revenue in the past year, according to their Web site.

Much like other ransomware gangs operating today, the crooks behind Sodiniokibi seem to focus on targeting IT providers.

Every single IT provider is now a major target, because by successfully compromising a single IT provider attackers compromise dozens or hundreds of other companies in the process.

If you aren’t asking your current IT provider what they are doing to make sure that their own house is in order, you aren’t doing your due diligence.

Krebs on Security writes about a hacking incident in Colorado late in 2019:

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.

We’ve started talking about this in verbal conversations with prospects: today your biggest risk may be your IT provider.

Most IT providers (MSPs) put an RMM agent or remote-control software on each computer that they manage. This agent then connects back to a central source where the MSP can push out security updates, backups and other such measures to keep customers secure.

However, if the MSP’s central source is hacked then it is easily possible for all of their customers to be hacked at the same time.

The active targetting of MSPs is going to reach epidemic levels soon.

We’ll unpack what all of these means in a later post. For now, the top takeaway is that you should be asking your IT provider (1) how they are securing their own house, (2) what changes they have made / are making as the security threats change.

Ars Technica and the BBC are reporting that the travel insurance and currency exchange company Travelex has been breached. Hackers have allegedly been inside the company’s network for 6 months and stolen customer information including:

  • Credit card info
  • Date of birth
  • Insurance numbers

These incidents are shockingly common yet only the big companies make the news. Data from Datto says that most small businesses either have suffered a similar attack or have been targeted by one.

How are you safe-guarding your clients’ data?

ArsTechnica: Louisiana declares state of emergency in response to ransomware attack

Earlier this week ZDNet profiled an incredible exit strategy of one of the largest Ransomware operators of the last 12 months, GandCrab.

Setting aside irony, the professionalism of the operation should catch the attention of any business owner. The operators have a Software as a Service (SaaS) business model, complete with online forum support for paying customers. They send out private emails to current customers about plans in change of service, including advising their customers to get their victims to cash in before it is too late. They are shutting down their service after claiming to have made and successfully laundered $150m.

Also, the operators plan to delete the decryption keys, so without a backup victims will be toast.

So what are the takeaways?

  • Ransomware has graduated to the level of truly organized crime: these are teenagers in their parents’ basements
  • The industry is so profitable AND competitive so as to have a “B2B” sphere, complete with customer support
  • It was true a few years ago that ransomware operations were largely opportunistic: today the money involved means you are an active target
Baltimore, MD had a crippling ransomware attack in 2019

Baltimore has been crippled by ransomware. Over 70% of attacks now actually target small and mid-size businesses. There are 3 simple things you can do to avoid catastrophe.

1) Assume it will happen to you, 2) plan on it happening to you, 3) test your plan.