What are managed ransomware services
Ransomware at IT Services Provider Synoptek
Synoptek, a California-based company that provides cloud hosting and IT services to more than a thousand customers nationwide, suffered a managed ransomware services attack this week that disrupted the business of many of its customers. , according to sources. It was reported that the company paid a ransom note in an effort to restore operations as soon as possible.
Irvine, California-based Synoptek is a managed services provider that operates a range of cloud-based services for more than 1,100 customers across a broad spectrum of businesses, including state and local governments, financial services, healthcare, manufacturing, media, sales and Software. The company has nearly a thousand employees and generated more than $ 100 million in revenue in the past year, according to their website.
News of the incident first appeared on Reddit, which was lit up on Christmas Eve with posts from people who worked at companies affected by the trip. The same official statement about an incident of any kind came in late Friday afternoon from the company's Twitter page, which said it received on December 23 "a credible compromise that was accepted", and that Synoptek "took action immediately and worked diligently with customers to restore the situation. "
Synoptek has not yet responded to several requests for comment. But two sources working for the company have now confirmed that their employer was hit with Sodinokibi, a powerful ransomware strain aka "rEvil" that circulates data and requires payment of cryptocurrency as a reward for a digital key. which unlocks access to infectious systems. These sources also say the company paid an unverified amount to its enemies in exchange for decryption keys.
Sources also confirm that both the State of California and the U.S. Department of Homeland Security have contacted state and local agencies that may have been affected by the attack. A Synoptek customer commented on the attack that required anonymity, while within Synoptek systems, attackers used a remote control tool to install the ransomware on messaging systems.
Just as other ransomware groups are working today, the criminals behind Sodiniokibi appear to be targeting IT providers. And it's not hard to see why: with each passing day of the attack, customers affected by it get angry and harassed on social media, which puts more pressure on the paying service provider.
Earlier this month, the Sodinokibi attack on Colorado-based IT services company Complete Technology Solutions resulted in the installation of ransomware on the computers of more than 100 dental practices that relied on the company. In August, Wisconsin-based IT provider PerCSoft was hit by Sodinokibi, causing outages for over 400 customers.
To put more pressure on victims to negotiate payment, Sodinokibi vendors recently said they intend to publish stolen data from companies that had their malware that chose to forgo their rebuilding work instead of paying for the counterfeit.
Additionally, the group behind the Maze Ransomware strain of malware recently began continuing with a similar threat, building a public Internet site that lists victims by name and includes samples of sensitive documents stolen from victims who have chosen not to pay. When the site was first created on December 14, it listed only eight victims; more than two dozen companies have been nominated to date.