Ransomware attack hits QuickBooks cloud hosting provider Insynq

Insynq, a provider of cloud hosting for QuickBooks products, was hit with a ransomware attack on July 16, making it the second cloud hosting provider in the accounting space to have experienced a security event this year — in May, Cetrom experienced a similar attack.

On July 19, Insynq informed its customers that the attack three days earlier was perpetrated by “unknown malicious attackers.” According to the company, the attack impacted data belonging to some Insynq clients, rendering this data inaccessible. Inqync reports that as soon as it discovered the attack, it “took steps to contain it,” including taking some servers offline to protect client data and backups.

Insync also reported it has engaged cybersecurity experts for assistance, and is “working as quickly as [it] can to restore access to all impacted data.”

“We are working diligently to ensure backups are available to you once we have addressed the underlying problem,” Insynq’s statement tocustomers reads. “We are taking extreme measures to get your data and environments back up and running as soon as possible. To manage expectations, it is unlikely that we will be able to accomplish this today. We’ll continue to follow up as we have more clarity on the situation.”

Ransomware is a type of malware that encrypts data so that hackers can ask for a ransom in exchange for de-encryption. To give an idea of how expensive this can be, a Florida city, Riviera Beach, is preparing to pay $600,000 to hackers who deployed ransomware into the city’s computer systems earlier this year. The money will come from the city’s insurer, but there is no guarantee that it will get its data back after payment.

Cetrom, the hosting provider that went through a malware attack earlier this year, took all of its systems down as a precaution while it worked on finding the source of the breach and safeguarding its data from compromise. The same thing happened to CCH, a suite of accounting products under the Wolters Kluwer Tax Accounting umbrella, in May. CCH took its products offline for a few days between May 6-10, with products being put back online piecemeal as it was deemed safe to do so.

It’s important to note that as far as has been reported, in each of the earlier cases, no data was compromised or lost. Thus far, it is unclear whether this is the case with the Insynq breach. Insynq has specifically called this a ransomware attack, while the Cetrom and CCH incidents were identified as malware, an umbrella term for any malicious code that is harmful to computers.

Beyond the official statement on its website, Insync has not communicated with its customers, and in turn, customers have taken to social media to complain. But this response makes sense for a company scrambling to understand a cyber-incident and restore its systems. Oftentimes, sending out minute-to-minute updates can be confusing, and can also have insurance and legal implications. For now, customers should expect relative silence from the company until concrete progress has been made.


Ranica Arrowsmith


For reprint and licensing requests for this article, click here.