Large California MSP, Synoptek, Suffers a Costly Ransomware Attack
Synoptek, located in California, suffered a ransomware attack on December 23, 2019. The incident first surfaced on Reddit, where employees of affected companies discussed the impact. Shortly after, the company made an announcement on its Twitter account, stating that it had experienced a “credential compromise which has been contained.” It also stated that its team “took immediate action and have been working diligently with customers to remediate the situation.”
A Look at Sodinokibi, The Ransomware That Managed to Get Through Synoptek’s Defences…
According to various sources, Synoptek was targeted by a form of ransomware known as “Sodinokibi” – a highly evasive and destructive strain that manages to avoid detection on the network. Its creators were connected to the well-known ransomware called “GandCrab” – a strain that’s responsible for 40% of all ransomware infections around the world.
Sodinokibi encrypts data on the network, then demands a ransom in cryptocurrency in exchange for the decryption key needed to unlock the infected systems and regain access to the data. Synoptek’s sources mentioned that they paid the ransom, something that isn’t typically recommended, but they wanted to restore their operations quickly to keep serving their clients.
What Happens Next? How Should Businesses Respond to Such a Large MSP Suffering an Attack?
Businesses need to be aware of the risks of not thoroughly vetting their third-party vendors, especially managed IT service providers that will have access to their sensitive information. The State of California, along with the US Department of Homeland Security, has been reaching out to local and state entities that may have been impacted during the attack. But back in 2018, the FBI and the US Department of Homeland Security warned MSPs and cloud providers about the risk of ransomware.
They stated that cybercriminals are targeting MSPs and cloud providers more than ever before. Why? Because many of them tend to store a ton of sensitive information belonging to their customers – from law firms to accountants and everything in between. As more and more businesses turn towards MSPs to manage their networks, attacks on MSPs continue to increase.
When Choosing an MSP, Look for IT Companies Who Undergo a Third-Party Review and Certification Process.
This incident highlights the importance of performing due diligence when selecting a third-party IT company to manage your network. Synoptek, although large and well-known – targeting healthcare providers and financial services firms – couldn’t protect themselves or their clients from this ransomware attack, despite their focus on “security as the biggest priority.” Business owners must ensure they’re choosing IT companies that undergo a third-party review and certification process.
Why? Because this shows they’re truly taking cybersecurity seriously rather than simply stating that they do. Kraft Technology Group, for instance, has achieved the MSP Verify certification – one of the first of its kind created specifically for those in the cloud, application, and information technology realm. The MSPV is based on 10 control objectives, including the following:
- Policies and procedures
- Confidentiality and privacy
- Change management
- Information security
- Data management
- Service operations
- Billing and reporting
- Corporate health
- Physical security
If an MSP holds the MSPV certification, their clients can rest assured knowing they’ve met or exceeded the standards in terms of the control objectives listed above.
Need a Nashville IT Services Company That Takes Security Seriously – Both Internally and Externally with Clients? Call Kraft Technology Group Now: (615) 600-4411.