KnowBe4 Security Awareness Training Blog

Three Lessons from a Recent MegaCortex Ransomware Phishing Attack

Written by Stu Sjouwerman | Aug 12, 2019 10:55:16 AM

The MegaCortex strain of ransomware has been used in criminal campaigns targeting businesses rather than private individuals. The QuickBooks cloud-hosting firm iNSYNQ has sustained such an attack, and its infection, response, and recovery make an instructive story. KrebsOnSecurity has an account of the incident. It apparently began when a member of the company’s sales staff fell for a phishing email on or around July 6th.

iNSYNQ took its network offline on July 16th, after it realized it was under ransomware attack. Unfortunately it failed to communicate why the network was down or when service would be restored. Some of its customers complained about being “stonewalled,” adding a public relations problem to the basic security and extortion issues. iNSYNQ’s CEO Elliot Luchansky held a “town hall” last Thursday, August 8th, 2019, in which he sought to bring customers up to speed.

Part of that involved an apology. “We could definitely have been better prepared, and it’s totally unacceptable,” Luchansky said at the town hall. “I take full responsibility for this. People waiting ridiculous amounts of time for a response is unacceptable.”

There was a reason, however, for the stumble. The company had reason to believe that the attackers were monitoring whatever steps iNSYNQ was taking to recover from the attack, and that they would be able to use any communication to further damage the company.

The attackers are thought to have gained access to the company’s internal networks and to have spent about ten days in reconnaissance before they triggered the MegaCortex payload they had delivered. That degree of persistence led iNSYNQ to fear that any communication would have done more harm than good.

The company ultimately decided not to pay the ransom, which it described as “very substantial,” and has now restored access to more than 90% of customer files. iNSYNQ did have backups, but some of the backups were themselves infected. MegaCortex ransom demands in other cases have ranged from 2 to 600 bitcoins, roughly $20 thousand to $5.8 million.

There are a few lessons to consider here:

  1. Your organization’s backups must themselves be secured against ransomware. An intruder who has spent ten days inside the network will find and encrypt any backup that is online and writable from that network, so keep copies offline or immutable, store the integrity record for them somewhere the backup host cannot alter, and test restores before you need them.
  2. An investment in thorough incident response planning is well-spent. Decide in advance how you will communicate with customers when the attackers may be watching, so that a security incident does not also become a public relations incident.
  3. Finally, employee training in recognizing and resisting phishing attempts is vital, since a single phishing email was the entry point here. New school security awareness training can help any organization raise its resistance to social engineering.
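
One way to make the first lesson concrete: record a signed manifest of every backup file at backup time, keep the manifest and its signing key off the backup host, and verify the backup against that manifest before relying on it. The script below is an added example, not iNSYNQ’s or KnowBe4’s code; the file names, the HMAC key, and the “ransomware” that overwrites one file are all constructed for the demonstration, and the entropy threshold of 7.5 bits per byte is an assumed heuristic (compressed or already-encrypted archives also score that high).

```python
"""Verify a backup set against a manifest signed with a key kept off the backup host.

Added example (not code from iNSYNQ or KnowBe4). Assumes the HMAC key and the
signed manifest live in an offline or immutable store the backup host cannot
write to, so an intruder who reaches the backups cannot re-sign a tampered manifest.
"""
import hashlib
import hmac
import json
import math
import os
import tempfile
from pathlib import Path

HIGH_ENTROPY = 7.5  # assumed threshold: bits per byte typical of encrypted output


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0. Text sits well below 7.5; ransomware output is near 8.0.
    Compressed or already-encrypted files are also near 8.0, so this is a hint, not proof."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_manifest(root: Path) -> dict:
    """Relative path -> sha256 for every regular file under root."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """HMAC over a canonical JSON encoding, so key order cannot change the tag."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_backup(root: Path, manifest: dict, mac: str, key: bytes) -> dict:
    """Compare the backup on disk with the signed manifest taken at backup time."""
    report = {
        "manifest_authentic": hmac.compare_digest(sign_manifest(manifest, key), mac),
        "missing": [], "modified": [], "unexpected": [], "high_entropy": [],
    }
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
    for rel in current:
        if rel not in manifest:
            report["unexpected"].append(rel)
        # Entropy of the first 64 KiB flags files that look encrypted regardless of name.
        if shannon_entropy((root / rel).read_bytes()[: 1 << 16]) > HIGH_ENTROPY:
            report["high_entropy"].append(rel)
    report["restorable"] = (report["manifest_authentic"]
                            and not report["missing"] and not report["modified"])
    return report


def demo() -> dict:
    """Constructed scenario: a tiny backup set, then an intruder encrypts one file
    in place and renames it, then tries to re-sign a fresh manifest without the key."""
    key = os.urandom(32)  # assumed to be held in the offline store, never on the backup host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ledger.csv").write_text("customer,amount\n" * 200)       # constructed
        (root / "notes.txt").write_text("quarterly close checklist\n" * 50)  # constructed
        manifest = build_manifest(root)
        mac = sign_manifest(manifest, key)

        # Simulated ransomware: overwrite with random bytes and add an extension.
        (root / "ledger.csv").write_bytes(os.urandom(4096))
        (root / "ledger.csv").rename(root / "ledger.csv.locked")
        tampered = verify_backup(root, manifest, mac, key)

        # Intruder rebuilds the manifest over the encrypted tree and signs with a guessed key.
        forged_manifest = build_manifest(root)
        forged_mac = sign_manifest(forged_manifest, b"guess")
        forged = verify_backup(root, forged_manifest, forged_mac, key)
    return {"tampered": tampered, "forged": forged}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The tampered run reports the original file as missing, the renamed file as unexpected and high-entropy, and the set as not restorable; the forged run has a manifest that matches the disk perfectly but fails authentication, which is the whole point of keeping the key off the host.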

KrebsOnSecurity has the story: https://krebsonsecurity.com/2019/08/insynq-ransom-attack-began-with-phishing-email/

Get Your Ransomware Hostage Rescue Manual

Is your organization prepared for a ransomware attack? This 20-page manual is packed with the actionable information you need to prevent infections, and what to do when you are hit with malware like this.

You will learn more about:

  • What is Ransomware?
  • Am I Infected?
  • I’m Infected, Now What?
  • Protecting Yourself in the Future
  • Attack Response and Prevention Checklists

Don’t be taken hostage by ransomware. Download your rescue manual now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/ransomware-hostage-rescue-manual-0