Synoptek, a California-based provider of IT management and cloud hosting services paid the ransom to decrypt its files following a Sodinokibi ransomware attack.
The gang behind the Sodinokibi ransomware has been very active in the US in recent weeks, in December, CyrusOne, one of the major US data center provider, was hit by the same ransomware.
The infection took place on December 23, the hackers first compromised the company network then installed the ransomware.
“News of the incident first surfaced on Reddit, which lit up on Christmas Eve with posts from people working at companies affected by the outage.” reads the post published by Krebsonsecurity. “The only official statement about any kind of incident came late Friday evening from the company’s Twitter page, which said that on Dec. 23 it experienced a “credential compromise which has been contained,” and that
The IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks.
“On Dec. 23, we experienced a credential compromise which has been contained,” Synoptek wrote in a Tweet just before 6 p.m. ET Friday. “We took immediate action and have been working diligently with customers to remediate the situation.”
The Sodiniokibi gang seems to focus on targeting US IT providers, in August 2019 the company PercSoft was infected with the malware, and in December the malware has infected systems at Complete Technology Solutions.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.