Dragoon Security Group
New light on the iNSYNQ ransomware attack
It appears the cloud hosting provider of Quickbooks was initially infected through a phishing email received by a member of the sales department.
Attackers spent 10 days in the company’s infrastructure, spreading the malware to systems and data backup solution.
The firm’s Incident Response Plan allowed them to stop the spread of infections but not until half of their systems had been compromised, including their backup solution which has since been overhauled.
While most customers have been restored and operational, continued recovery efforts are ongoing.
#ransomware #insynq #cloud #quickbooks #phishing #sales #data #backups #accounting #bookkepping