The ending of 2019 also brought trouble for a number of businesses in terms of cybersecurity. Before the year-end, another ransomware attack affected IT service provider Synoptek.
Synoptek Faced Cyber Attack
Reportedly, the California-based cloud management and IT service provider Synoptek has fallen prey to a cyber attack. The firm that serves over a thousand customers suffered a cyber attack around Christmas time. Consequently, it caused disruption in various operations.
The news about Synoptek service disruptions surfaced online after people began discussing it on Reddit. However, the firm only confirmed the security incident in a tweet on December 27, 2019. That time too, they merely called it a “credential compromise” which they contained.
On Dec 23, we experienced a credential compromise which has been contained; we took immediate action and have been working diligently with customers to remediate the situation. If you are a customer who is experiencing issues, contact [email protected] or 888-796-6783.
— Synoptek (@Synoptek) December 27, 2019
As revealed, the incident took place on December 23, 2019, two days before Christmas.
In a subsequent update tweet, they merely mentioned contacting the customers affected by the incident. They did not reveal any technical details about what the incident was, how it happened, and the extent of the attack.
Update: We are in contact with all known customers who have been impacted. If you have been affected during this incident and are still experiencing issues, we want to ensure you are getting the remediation support necessary. Please contact us at [email protected]
— Synoptek (@Synoptek) December 29, 2019
Nonetheless, the government officials more promptly reached the customers in this regard. The State of California and the U.S. Department of Homeland Security alerted the users about the Synoptek cyber attack.
Sodinokibi Ransomware Involvement Suspected
According to Brian Krebs, Synoptek became a victim of a ransomware attack. As per the company sources, Synoptek suffered a Sodinokibi or rEvil infection, a new malware actively targeting the business community.
Even on Reddit, various users confirmed the incident as a ransomware attack. Some of them also fell victim to the ransomware.
Krebs also disclosed the payment of ransom. According to the sources, Synoptek paid the asked ransom to receive decryption keys.
Sources also say the company paid their extortionists an unverified sum in exchange for decryption keys.
Earlier, Sodinokibi also affected a dental backup firm PerCSoft. Though, it remained unclear whether the company paid the ransom to recover the data or not since they merely mentioned about contacting some software company for data recovery.