QuickBooks hosting provider hit by ransomware attack

7th Aug 2019
Share this content

Leading hosting provider iNSYNQ, which provides services for the likes of QuickBooks, has been hit by a ransomware attack, forcing the company to turn off some of its servers to protect users.

An update on iNSYNQ’s website (image below) explained the ransomware attack experienced on 16 July “impacted data belonging to certain iNSYNQ clients, rendering such data inaccessible". The US-based provider assured users they were working to restore access as quickly as possible.


iNSYNQ status update

iNSYNQ is one of more than 20 companies authorised by QuickBooks as part of the Intuit Hosting Program, described by the company as “a distribution and licensing program that allows the desktop PC-based versions of QuickBooks for Windows (QuickBooks Pro, Premier and Enterprise versions) to be installed and managed for end users by a hosting service provider who provides users access to a secure server.”

When using a hosting server, users can access their QuickBooks account with a user name and password. Although they share similar login processes, the hosting solution and the QuickBooks Online Edition offer different features and functionality.

Since the attack, iNSYNQ has been criticised for leaving customers in the dark and providing little detail or updates on the recovery process.

Unfortunately for affected parties, unlike its cloud solution Intuit’s hosting program specifies that it is the hosts that participate in the program the ones “solely responsible for the security, privacy, availability and backup of QuickBooks data files and the software that they host”.

Smaller firms targeted

The biggest ransomware news in the UK in recent years was the Wannacry attack that cost the National Health Service £73m in 2017. However, a worrying development for accountants and their clients has been the increasing numbers of small and medium businesses becoming victims of ransomware.

According to American cybersecurity company Datto, this type of cyber-attack remains a “massive threat to small-to-mid-sized businesses,” with 79% of managed service providers having reported ransomware attacks against customers between 2016 and 2018.

Last week, a dentist office in the US, which uses QuickBooks as their accounting software, became one of the latest victims of a ransomware attack. Hackers allegedly got into the system when someone in the office opened an attachment.

According to an IT assessment, the hackers were accessing both personal and corporate computers and identifying the second group by finding out which ones had accounting software installed.

The hackers asked the dentist office to pay $10,000 to recover its files, an amount that would double every 48 hours. Following the advice by the authorities, the company has not paid the ransom, but is incurring in the cost of restoring the last five months of accounting files.

Security measures against ransomware

A ransomware attack occurs when the recipient opens a malicious attachment or link, generally sent via an email crafted to look as if it came from a sender known to the recipient. 

If the infected file is opened, the files in the computer are encrypted and the screen shows a message explaining how to make a payment to unlock the data. A countdown indicates the amount of time the user has left to pay before the data is lost.

Authorities advise against paying a ransom, as doing it doesn’t actually guarantee the attackers will provide access to the data.

On its website, QuickBooks prompts users to do a vulnerability assessment to discover potential flaws in their systems. The company also advises to make regular backups of important files as well as to use a good anti-virus and keeping it updated.

However, when it comes to protecting a business against ransomware attacks, considering the human factor is also essential. QuickBooks recommends training staff so that they avoid downloading files from unrecognised sources and so that they follow best practice, including checking emails and links for mismatched URLs and unknown return addresses.

As explained by Dave Watson, managing director of Hosted Accountants, part of IRIS Software Group, losing data does not only impact a firms’ operations, but it can also hurt its reputation if the clients’ records are lost or compromised.

“The consequences for your firm can be severe,” he said. “No one wants to call their client and let them know you have lost all their data. Not to mention issues with GDPR, and confidentiality.”

Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.