iNSYNQ megacortex, August 13, 2019

As a follow-up to our webinar covering the iNSYNQ malware attack on August 8, 2019, we've taken the questions that were not answered in the webinar and provided a Q&A below. While hundreds of questions came in, we were able to consolidate them into the list below (as many of you had very similar questions and concerns). If any further questions arise, or if your questions were not answered either below or in the webinar, please contact us directly at e.luchansky@insynq.com. You can watch the webinar here.

Q. Will my clients be getting 2 free months of service?

A. Yes. You and any clients of yours that were directly impacted by the attack will receive credits with a value of 2 months. Unfortunately, we're not able to offer the full 2 months immediately. It will have to be spread over time. The exact specifics of this are being determined at the Board level on Tuesday.

Q. How did they propagate to all servers? Aren't the servers isolated from each other?

A. The attackers were patient and took several days. The servers are isolated. However, they remotely gained access to the network and were able to silently distribute the malware to all servers.

Q. What information were the attackers after?

A. Based on our investigation thus far, the attackers simply wanted money from us; they weren't after customer information.

Q. How did this remain undetected for over a month? The malware ‘megacortex’ is not new.

A. MegaCortex itself is not new, but this was a new version with a different signature and new characteristics compared with the versions publicly known from earlier this year. Oren speaks to this a bit in the webinar: much like a flu virus, there are constantly new evolutions of variants. This was a never-before-seen version of MegaCortex.

Q. How did they penetrate the system?? What's being done to prevent this going forward??

A. CrowdStrike is conducting a thorough investigation of the incident and will provide us with guidance on preventing these types of issues going forward.

Q. How was MegaCortex not discovered until it was too late? Sophos has documentation and protection against it and its associated malware.

A. There are variants of each piece of malware. Each new variant differs from the previous versions, oftentimes with newly added countermeasures to work around anti-malware and zero-day protections.

Q. Had we been backing up your files to our desktop or server, would they have put our systems at risk of further infections?

A. Highly unlikely. Encryption malware works by encrypting files while they are at rest (not in use). The only time that your local desktops would be exposed to anything on the platform would be during a copy/paste process, which makes the file actively in use. Unless you somehow managed to copy a well-hidden payload file, there is no way for your backups to carry the malware (although they could contain copies of files that have been encrypted).

Q. Sometimes I can get into a cloud and open QB and then I try again later in the day or the next and there is an error message. Something about Administrator... Does this mean there is still malware in the files?

A. Not at all. It means that there may be some system files that need to be replaced, repaired or updated. A call to technical support at 253.857.9410 is all it takes to get someone to look at and fix this issue.

Q. For those of us who backed up our data between mid-June and the time the malware was triggered - could the backup copies we have be infected with anything? And if so, how do we recover that data?

A. This malware is not known to spread via infected files onto your local computer. It is designed to target enterprise server infrastructure.

Q. Is there a better way for backups to be configured so that they can be isolated from this kind of attack and be more quickly available if the main servers are attacked?

A. We are currently working on a strategy that will allow a strong process of creating backup snapshots and replicating them to a second location, one that can greatly reduce the likelihood of disruption.

As an end user, there are several third party applications that would allow you to select your most business critical files and maintain a copy in the cloud, completely independent of iNSYNQ's systems. Two such products are currently tested and available on our platform: Carbonite Safe Power subscription and iDrive Business.

Q. What do you now advise in regards to safety of our data - should we back up all data locally...monthly? What do you recommend?

A. The answer here is that it is based on your business requirements and your tolerance for any lost work. Most enterprises back up all data monthly and any changes daily.

As an end user, there are several third party applications that would allow you to select your most business critical files and maintain a copy in the cloud, completely independent of iNSYNQ's systems. Two such products are currently tested and available on our platform: Carbonite Safe Power subscription and iDrive Business.

Q. Will I have access to my data that has been encrypted / those that are now megacortex files? If so, when? If not, how do I retrieve lost data?

A. Once we get through the forensics process of the legal investigation, we will be able to make these files available to you. We have not given up all hope of decrypting these files but understand that some clients would like to make an effort of their own.

Q. Will you be sharing more information once the investigation is concluded?

A. Yes, we will be providing an executive overview with the information we're able to share.
