Are you an accountant or bookkeeper who has data on the Insync cloud servers? They are now in recovery mode, and many of you who were on their system have no access at all to your data files.
San Diego Computer Consulting is aware of this situation as we have personal experience with ransomware and the damage it does.
What can be done?
It is our hope that Insync will be able to restore the customer data, either from backup or by paying the ransom. Either way, that will take time. If they can restore their customers' data, those customers are very lucky. This type of attack could easily put them out of business, you out of business, and your customers out of business. It is a matter of waiting for Insync to restore the data and contact you with your data files.
What was the mistake?
From what we know, they had Microsoft remote access turned on for many of their users WITHOUT two-factor authentication. The ransomware attack comes directly through RDP (the Windows Remote Desktop client). This type of vulnerability has been around for over three years. This is a true failure on the part of Insync.
How does the Ransomware virus get in through Windows Remote Desktop?
It is automated script software that attacks Windows Remote Desktop. It hacks the Administrator account through brute force or a password randomizer. Administrator is the master account that ALL Windows servers have. That account is NOT disabled by default like it is on Windows 10.
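To show what that attack looks like from the defender's side, here is an added example (it is not code from San Diego Computer Consulting or from the ZDNet article) that scans constructed Windows Security log records for the pattern described above: a burst of failed RDP logons (event 4625 with logon type 10) aimed at the built-in Administrator account, followed by a successful RDP logon (event 4624) from the same source. The event IDs and logon types are the real Windows values; the sample records, addresses and threshold are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security log records (not real log data).
# Fields: timestamp, event ID, logon type, target account, source IP.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RDP, 3 = network.
SAMPLE_EVENTS = [
    ("2019-11-01 02:14:05", 4625, 10, "Administrator", "203.0.113.7"),
    ("2019-11-01 02:14:06", 4625, 10, "Administrator", "203.0.113.7"),
    ("2019-11-01 02:14:07", 4625, 10, "admin", "203.0.113.7"),
    ("2019-11-01 02:14:08", 4625, 10, "Administrator", "203.0.113.7"),
    ("2019-11-01 02:14:09", 4625, 10, "Administrator", "203.0.113.7"),
    ("2019-11-01 02:14:10", 4625, 10, "Administrator", "203.0.113.7"),
    ("2019-11-01 02:20:30", 4624, 10, "Administrator", "203.0.113.7"),  # success after the burst
    ("2019-11-01 08:05:00", 4625, 10, "jsmith", "198.51.100.4"),        # one typo, benign
    ("2019-11-01 09:00:00", 4625, 3, "svc_backup", "10.0.0.5"),         # network logon, not RDP
]


def parse(event):
    ts, event_id, logon_type, user, ip = event
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "id": event_id, "type": logon_type, "user": user, "ip": ip}


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for every source that produced at least
    `threshold` failed RDP logons inside any `window`-long span, noting whether
    the built-in Administrator account was targeted and whether a successful
    RDP logon from that source followed the failures (a likely compromise)."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in map(parse, events):
        if e["type"] != 10:          # only RDP (RemoteInteractive) logons matter here
            continue
        (failures if e["id"] == 4625 else successes)[e["ip"]].append(e)

    findings = {}
    for ip, fails in failures.items():
        fails.sort(key=lambda e: e["ts"])
        best, start = 0, 0
        for end, f in enumerate(fails):  # sliding window over the failure timestamps
            while f["ts"] - fails[start]["ts"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        users = sorted({f["user"] for f in fails})
        last_failure = fails[-1]["ts"]
        findings[ip] = {
            "failures": best,
            "accounts": users,
            "admin_targeted": any(u.lower() == "administrator" for u in users),
            "success_after": any(s["ts"] > last_failure for s in successes.get(ip, [])),
        }
    return findings
```

Running `detect_rdp_bruteforce(SAMPLE_EVENTS)` flags only 203.0.113.7; the single mistyped password and the non-RDP service logon are ignored.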
How can I make sure this NEVER HAPPENS AGAIN?
- We suggest you move to the Microsoft Azure cloud! Moving to the Azure cloud is the most assured way to protect yourself. Microsoft is working every day to keep your 'Cloud' network safe.
- Install DUO (two-factor) authentication on the remote access server. Only the people who are authorized can even get to the server. All other users are blocked!
- We install Sophos/Intercept-X on all servers and workstations in the cloud. This service detects and stops ransomware and encrypter viruses.
- We back up our Microsoft Azure cloud servers with Solar Winds Backup. They are a public company with a complete backup cloud of their own, separate from Microsoft. You will get a full image backup of your server nightly.
Why should I trust San Diego Computer Consulting?
Very simple, we don’t lie! We treat your computers like our very own!
All our businesses are on the line. We have a very large cyber policy to protect our customers. However, the secret to doing cloud business is to lock down the cloud, put two-factor on the virtual machines, have Sophos/Intercept-X anti-ransomware services, and back the machines up to an alternate company and cloud service.
This kind of targeted attack has been around for a long time. A simple announcement to all their customers stating that two-factor is required and will be installed on every machine should have gone out years ago. Not doing so left the door wide open to nefarious viruses and really was careless. It is the IT service provider who is responsible for the safety of their customers' data. But, at the end of the day, like any business, they can go under.
Bottom line, bad things happen. Insync announced to customers that its backups were encrypted as well, simply because the backup servers were in-house. This too is careless. A good backup of a network server is made to another network outside. In this case, the backup was inside. As a result, when the network was infected, the ransomware attacked all machines connected to it.
San Diego Computer Consulting uses Solar Winds, Inc. to back up Microsoft Azure cloud servers. This is the proper methodology.
Source: https://www.zdnet.com/article/cloud-based-virtual-desktop-provider-hit-by-ransomware/