California based IT services provider Synoptek has become a victim of a ransomware attack which has impacted thousands of its customers nationwide. And sources report that the file-encrypting malware might have entered the network early this month and locked down the files from December 23rd of this year.
What’s interesting in this malware saga is the fact that the IT staff of Synoptek did not want to take any kind of risks in the Christmas season and so bowed down to the demands of hackers by paying them a stipulated sum in the form of cryptocurrency.
According to the website, Synoptek is a Managed Service Provider (MSP) that offers cloud-based IT services to more than 1100 customers across various business segments like financial companies, healthcare, local governments, manufacturing, media, automobile, and software sectors.
Synoptek has released a press statement confirming the incident. But did not reveal anything about its ransom payment and remediation efforts.
Releasing a press update to CRN, Synoptek CEO Tim Britt revealed that the “holiday attack” did affect over 1,178 customers. But the incident was contained in time and the data was cent percent restored by December 26th,2019.
Prima Facie says Sodinokibi Strain Ransomware was used to encrypt files on the database of Synoptek. And a fair amount of ransom was demanded in exchange for the decryption key.
Note 1- Sodinokibi Ransomware was the malware that hit over 22 municipalities in Texas.
Note 2- Synoptek was purchased by a private equity firm called Sverica Capital Management in Nov’15. And since then the company which is still running on its registered name has acquired almost 4 companies like FusionStorm, EarthLink, Indusa and Dynamic Resources.