Cyber Incident Victim: InSynq
Date: Jul 2019
Location: United States of America
Summary
A cloud-based virtual desktop provider suffered a ransomware attack causing a major multi-day outage affecting its services and hosted applications like QuickBooks. The MegaCortex ransomware encrypted some customer backup files, complicating recovery efforts and prolonging downtime as the company reinstalled servers and restored data. Service disruption impacted both direct clients and businesses relying on its infrastructure, straining customer relations during the extended restoration process. Recovery operations required gradual repopulation of files across accounts, with affected users advised to utilize older backups or contact support for encrypted data. The incident underscored the ransomware's targeting of enterprise environments and the operational challenges in restoring cloud-hosted systems.
Description
On July 16, 2019, cloud computing provider iNSYNQ suffered a ransomware attack that disrupted its virtual desktop infrastructure, triggering a week-long outage. The company, which hosted environments for Intuit QuickBooks web applications and accounting services alongside its direct customers, immediately took its systems offline to contain the MegaCortex ransomware strain. This newly identified threat, first documented by Sophos in May 2019, targeted enterprise networks rather than individual consumers. iNSYNQ’s recovery required reinstalling thousands of servers and restoring from backups, though some backup files had been encrypted by the attackers, complicating restoration efforts. CEO Elliot Luchansky confirmed these details in a July 22 blog post, acknowledging the operational crisis had persisted for six days. The company prioritized rebuilding its infrastructure while urging affected users to await gradual data repopulation in their accounts.

The incident impacted both iNSYNQ’s client base and downstream businesses relying on its hosted QuickBooks services, with full service restoration projected to take several additional days beyond the initial outage period. Recovery delays stemmed from the scale of reinstalling systems and verifying backup integrity, particularly for encrypted files that required alternative restoration methods. Customers with surviving pre-attack backups were instructed to use those copies, while others were directed to contact iNSYNQ support for assistance. Public frustration mounted as the outage extended, damaging the provider’s reputation amid widespread service unavailability. The attack underscored the operational vulnerabilities of web hosting providers to ransomware, where containment and recovery processes prove disproportionately complex compared to conventional IT environments. iNSYNQ’s experience marked the first major publicized compromise attributed to the MegaCortex group, demonstrating their capacity to disrupt critical business infrastructure.
