QuickBooks provider floored by MegaCortex

Cloud desktop and hosting provider iNSYNQ said on Sunday that it had begun restoring systems following a ransomware attack that left its customers unable to access accounting data and other files since disaster struck last Tuesday (July 16).

Work has begun on reactivating customers’ desktops, a process the firm warned may take some days.

The company spent the latter part of last week working with external cybersecurity experts to eradicate the malware infection before beginning the process of restoring customer data and backups confirmed to be safe.

iNSYNQ offers QuickBooks accountancy software as a cloud-based service to accountants, so the prolonged outage has left many businesses unable to access business accounting and payroll files.

Even after accounts are restored, some important files might still be inaccessible, iNSYNQ warned.

“While we caught the attack early, the malware was able to encrypt some files,” Elliot Luchansky, chief executive of iNSYNQ, explained in a blog post.

“We are currently working to determine if those are recoverable. You might see encrypted files on your desktop with .megacortex as an extension – they aren’t available to access.”

Luchansky added: “If you need access to those files immediately please check your local backups or contact support.

“Luckily, the vast majority of the files that were impacted (i.e., are encrypted) are smaller files and do not include QuickBooks or Sage files,” he added.

MegaCortex is a known ransomware strain associated with targeted attacks that rely on first breaking into networks and planting trojans (backdoors) or similar trickery.

iNSYNQ acknowledged it had been the victim of a targeted attack while going on to reassure customers in its latest status message that “based upon the investigation by our cybersecurity experts to date, there is no evidence that customer data has been accessed”.

iNSYNQ reportedly deactivated its Twitter account in the immediate aftermath of the attacks before resurfacing to acknowledge issues on Saturday, July 20.

The Daily Swig asked iNSYNQ to comment on these criticisms in a request submitted via a web form. We also asked the firm to clarify how long it anticipated it might take to reactivate customer accounts.
