iNSYNQ Restoring Customer Desktops Amid ‘Malware Storm’

'While we caught the attack early, the malware was able to encrypt some files,' iNSYNQ CEO Elliot Luchansky said in a letter to customers Monday. 'We are currently working to determine if those are recoverable.'

Cloud hosting provider iNSYNQ said it’s started to restore customer desktops following a ransomware attack discovered last Tuesday and ensuing “malware storm” that rendered inaccessible the data of an unspecified number of its clients.

“While we caught the attack early, the malware was able to encrypt some files,” iNSYNQ CEO Elliot Luchansky said in a letter to customers posted Monday on the company’s website. “We are currently working to determine if those are recoverable. You might see encrypted files on your desktop with .megacortex as an extension—they aren’t available to access. If you need access to those files immediately, please check your local backups or contact support. Luckily, the vast majority of the files that were impacted (i.e., are encrypted) are smaller files and do not include QuickBooks or Sage files.”

The Gig Harbor, Wash.-based company is continuing to work with a cybersecurity firm to analyze and ensure that no traces of malware remain and “beginning the process of restoring to customers their data and backups confirmed to be safe,” according to a separate post early Monday morning on its website.

“We will be turning customer desktops on as quickly as we can throughout the week,” the notice said. “To ensure we are making consistent traction as the week continues while also maintaining security, we’ve chosen a manual process. We’re projecting it will take several days using this process to get all impacted users back up and running. We’ll do our best to reach out to customers as individual systems are turned back on.”

iNSYNQ offers virtual desktops, web app management and QuickBooks cloud hosting among other offerings. Last week, it said it took steps to contain the attack by unknown “malicious” perpetrators as soon as it was discovered, including turning off some servers in an effort to protect customers’ data and backups.

“Based upon the investigation by our cybersecurity experts to date, there is no evidence that customer data has been accessed,” iNSNYQ said in its online update Monday.

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.

When customers are able to log in to iNSYNQ’s system, files and data may take time to populate to their accounts, Luchansky said. For files that do not immediately populate, customers should check their local backups for previous versions of those files or contact the company for help.

“For the next 30 days, you should back up all of your data directly to your local hard drive,” Luchansky said.

“This continues to be difficult to navigate to say the least—malware attacks are an industry-wide phenomenon that no one is 100 percent impervious to,” he said. “Businesses large and small, individuals and even are own government have been blindsided by malicious actors in the recent months. We've received confirmation from security experts that we were hit with a sophisticated malware, relatively unknown to even experts in cybersecurity.”