Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah
-
@scottalanmiller I've seen entire LANs hit by ransomware and it's tough getting it back up because everything is either down by the ransomware or by choice (to avoid it getting worse).
So your machine will not get an IP address because DHCP is down, you can't log in because AD is down, you can't access backups even if you have them because of the above and DNS is down. And often firewalls and WAN links have been shut down as well. PBX will be down, O365 can't be accessed. Where did we put the emergency plan?
There are a lot of interdependencies among services that you don't always realize until you have to. So you have to start slowly and unravel everything from one end to the other. It takes A LOT of time.
For one enterprise I know of it took months and the cost was billions. -
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So we heard from customers of Protek Support in Salt Lake City that the MSP has been hit with ransomware that has gone on to hit all of their clients as well. From what we understand, they are currently on four days of customers being without their files and they aren't cleaning them up yet. We would suspect that their internal systems have been hit and they are tied up dealing with that.
I don't know where you got such information from, but this is simply not true.
-
@proteksupport said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
I don't know where you got such information from, but this is simply not true.
That's easy to say without having any proof to back it up. Are you secretly Donald Trump?
Also welcome to the community
-
This post is deleted! -
@proteksupport said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So we heard from customers of Protek Support in Salt Lake City that the MSP has been hit with ransomware that has gone on to hit all of their clients as well. From what we understand, they are currently on four days of customers being without their files and they aren't cleaning them up yet. We would suspect that their internal systems have been hit and they are tied up dealing with that.
I don't know where you got such information from, but this is simply not true.
Threads need to be deleted asap. Or company info scrubbed. No need to have the name of the company in the thread actually in either case.
-
@proteksupport said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So we heard from customers of Protek Support in Salt Lake City that the MSP has been hit with ransomware that has gone on to hit all of their clients as well. From what we understand, they are currently on four days of customers being without their files and they aren't cleaning them up yet. We would suspect that their internal systems have been hit and they are tied up dealing with that.
I don't know where you got such information from, but this is simply not true.
Are you actively cleaning up some customers but not all? Whats the status?
-
@Pete-S said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@proteksupport said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So we heard from customers of Protek Support in Salt Lake City that the MSP has been hit with ransomware that has gone on to hit all of their clients as well. From what we understand, they are currently on four days of customers being without their files and they aren't cleaning them up yet. We would suspect that their internal systems have been hit and they are tied up dealing with that.
I don't know where you got such information from, but this is simply not true.
Threads need to be deleted asap. Or company info scrubbed. No need to have the name of the company in the thread actually in either case.
Actually its very important so that customers can discuss the issue together so that they are aware that they are not alone.
-
@proteksupport now is your chance to clear things up. Otherwise we have to assume the information posted in the OP at least as some basis in truth.
If a customer refused to have DR and backup services, literally nothing else needs to be said than "this was due to a customer decision".
If it's all false that's just as fine as well, but then we'd have to wonder why @scottalanmiller is supposedly being contacted with this claim.
@scottalanmiller are you able to shed any light on who the customer may be or otherwise help unfold this story?
-
@RojoLoco said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@Reid-Cooper I would NEVER hire or even consider an MSP that paid a ransom. That means they are incapable or unwilling to make and test backups, so that's a hard no.
I've seen a situation where the ransomware ate most of the backups.
-
@EddieJennings said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@RojoLoco said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@Reid-Cooper I would NEVER hire or even consider an MSP that paid a ransom. That means they are incapable or unwilling to make and test backups, so that's a hard no.
I've seen a situation where the ransomware ate most of the backups.
Well that would be because their backups weren't actually protected.
-
@EddieJennings said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@RojoLoco said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@Reid-Cooper I would NEVER hire or even consider an MSP that paid a ransom. That means they are incapable or unwilling to make and test backups, so that's a hard no.
I've seen a situation where the ransomware ate most of the backups.
Can happen when not air gapped.
-
As with any company, be it Microsoft, IBM, Facebook, Verisign, Whoever.... We do not protect companies when we have credible knowledge of a company's failure, or on the other hand, accomplishments are reported.
In this case, we have first hand knowledge as reported by the OP.
Just as I reported, along with many major news outlets, Wells Fargo had an outage affecting a large number of their customers and all of their investors. I would not remove their name, nor the post just because they complain.
-
@pchiodo said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
As with any company, be it Microsoft, IBM, Facebook, Verisign, Whoever.... We do not protect companies when we have credible knowledge of a companies failure, or on the other hand, accomplishments are reported.
In this case, we have first hand knowledge as reported by the OP.
Just as I reported, along with many major news outlets, Wells Fargo had an outage affecting a large number of their customers and all of their investors. I would not remove their name, nor the post just because they complain.
TL:DR Shit happens, and when it should be public knowledge it will be public knowledge.
-
I think that if it was VPN, still bad practice to have VPN from MSP or any other systems that unprotected. MSPs should not need to have VPN to customers at all.
-
@dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
I think that if it was VPN, still bad practice to have VPN from MSP or any other systems that unprotected. MSPs should not need to have VPN to customers at all.
Absolutely. But unless someone has info that I do not, notnreason to assume the MSP here had one.
-
So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).
-
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).
To be fair, this place is fast. They are not likely used to forums moving this quickly.
-
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).
To be fair, this place is fast. They are not likely used to forums moving this quickly.
Fast compared to SpiteWorks, sure I suppose.
-
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).
To be fair, this place is fast. They are not likely used to forums moving this quickly.
Fast compared to SpiteWorks, sure I suppose.
MMm it depends what you are talking about.
-
@dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).
To be fair, this place is fast. They are not likely used to forums moving this quickly.
Fast compared to SpiteWorks, sure I suppose.
MMm it depends what you are talking about.
Fast response times.
Not so fast deleting comments made by people that SpiteWorks thinks that they can make money off of.
