ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah

    IT Discussion
    msp ransomware security breach
    21
    111
    12.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DustinB3403D
      DustinB3403 @dbeato
      last edited by

      @dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      @DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

      So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).

      To be fair, this place is fast. They are not likely used to forums moving this quickly.

      Fast compared to SpiteWorks, sure I suppose.

      MMm it depends what you are talking about.

      Fast response times.

      Not so fast deleting comments made by people that SpiteWorks thinks that they can make money off of. πŸ˜„

      dbeatoD 1 Reply Last reply Reply Quote 0
      • dbeatoD
        dbeato @DustinB3403
        last edited by

        @DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

        @dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

        @DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

        @scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

        @DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

        So I guess we're to assume that the lack of a response from @proteksupport means that something major is occurring with their client(s).

        To be fair, this place is fast. They are not likely used to forums moving this quickly.

        Fast compared to SpiteWorks, sure I suppose.

        MMm it depends what you are talking about.

        Fast response times.

        Not so fast deleting comments made by people that SpiteWorks thinks that they can make money off of. πŸ˜„

        That's a different story, very few of my posts are moderated but I try to do as fast responses as I can. I barely have time to post on both places πŸ™‚

        1 Reply Last reply Reply Quote 0
        • CloudKnightC
          CloudKnight
          last edited by

          Is there a public news article about this MSP or has one of their clients contacted you @scottalanmiller

          DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403 @CloudKnight
            last edited by

            @StuartJordan said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

            Is there a public news article about this MSP or has one of their clients contacted you @scottalanmiller

            The latter based on the OP.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @CloudKnight
              last edited by

              @StuartJordan said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

              Is there a public news article about this MSP or has one of their clients contacted you @scottalanmiller

              This IS the public news article πŸ™‚

              Yes, we know about it first hand.

              CloudKnightC 1 Reply Last reply Reply Quote 2
              • CloudKnightC
                CloudKnight @scottalanmiller
                last edited by

                @scottalanmiller thanks for clarifying, I just looked at the op again..

                "So we heard from customers of Protek Support" - I was skimming I must admit.

                It is interesting that we only talked about this yesterday or the day before about that reddit link I posted.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @CloudKnight
                  last edited by

                  @StuartJordan said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                  @scottalanmiller thanks for clarifying, I just looked at the op again..

                  "So we heard from customers of Protek Support" - I was skimming I must admit.

                  It is interesting that we only talked about this yesterday or the day before about that reddit link I posted.

                  No kidding. Really weird that we were discussing it so recently.

                  CloudKnightC 1 Reply Last reply Reply Quote 1
                  • DashrenderD
                    Dashrender @dbeato
                    last edited by

                    @dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                    I think that if it was VPN, still bad practice to have VPN from MSP or any other systems that unprotected. MSPs should not need to have VPN to customers at all.

                    And vendors wonder why I won’t let them VPN into my network.... ha

                    pmonchoP 1 Reply Last reply Reply Quote 10
                    • CloudKnightC
                      CloudKnight @scottalanmiller
                      last edited by

                      I Hope the MSP and client(s) manage to sort everything out. I can't help thinking this will be quite damaging for the provider and wouldn't like to see people loose clients and potentially their jobs.
                      Lessons are always learned when something serious happens like this though.

                      1 Reply Last reply Reply Quote 3
                      • pmonchoP
                        pmoncho @Dashrender
                        last edited by

                        @Dashrender said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                        @dbeato said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                        I think that if it was VPN, still bad practice to have VPN from MSP or any other systems that unprotected. MSPs should not need to have VPN to customers at all.

                        And vendors wonder why I won’t let them VPN into my network.... ha

                        Amen to that.

                        1 Reply Last reply Reply Quote 1
                        • Reid CooperR
                          Reid Cooper
                          last edited by

                          Looks like up until a few days ago they were really active on Twitter. And then went silent around when the supposed issue began.

                          https://twitter.com/proteksupport

                          Their last posts before going silent were all about security and avoiding things like ransomware.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • RojoLocoR
                            RojoLoco @EddieJennings
                            last edited by

                            @EddieJennings said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                            @RojoLoco said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                            @Reid-Cooper I would NEVER hire or even consider an MSP that paid a ransom. That means they are incapable or unwilling to make and test backups, so that's a hard no.

                            I've seen a situation where the ransomware ate most of the backups.

                            True, that is entirely possible... but the other part of paying the ransom is that you're really just painting a big bullseye on yourself. Once the bad guys know you will pay, the spearphishing will increase dramatically. I wouldn't hire an MSP that was a known ransom payer.

                            scottalanmillerS 1 Reply Last reply Reply Quote 2
                            • scottalanmillerS
                              scottalanmiller @RojoLoco
                              last edited by

                              @RojoLoco said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                              @EddieJennings said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                              @RojoLoco said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                              @Reid-Cooper I would NEVER hire or even consider an MSP that paid a ransom. That means they are incapable or unwilling to make and test backups, so that's a hard no.

                              I've seen a situation where the ransomware ate most of the backups.

                              True, that is entirely possible... but the other part of paying the ransom is that you're really just painting a big bullseye on yourself. Once the bad guys know you will pay, the spearphishing will increase dramatically. I wouldn't hire an MSP that was a known ransom payer.

                              Absolutely. Not only do you paint a target on yourself, but you justify the attack, and fund further attacks and research. It is bad all around.

                              Plus there is the huge risk that you pay and they don't release the files anyway.

                              1 Reply Last reply Reply Quote 0
                              • SmithErickS
                                SmithErick
                                last edited by

                                Wonder if their RMM was the attack vector with that known ConnectWise / Kaseya depreciated integration?

                                scottalanmillerS pmonchoP 2 Replies Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller @SmithErick
                                  last edited by

                                  @SmithErick said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                  Wonder if their RMM was the attack vector with that known ConnectWise / Kaseya depreciated integration?

                                  I would guess it is a decent chance.

                                  1 Reply Last reply Reply Quote 0
                                  • pmonchoP
                                    pmoncho @SmithErick
                                    last edited by

                                    @SmithErick

                                    Received my Cyberheist email from KnowBe4 about an hour ago and one article confirms that it was ConnectWise / Kaseya vulnerability from 2017 that was the vector.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @pmoncho
                                      last edited by

                                      @pmoncho said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                      @SmithErick

                                      Received my Cyberheist email from KnowBe4 about an hour ago and one article confirms that it was ConnectWise / Kaseya vulnerability from 2017 that was the vector.

                                      We had a thread about that last week here on ML. We know that ConnectWise had vulnerable DLLs on their Windows installs. But we don't know if that was the case here. But we do know that they advertise publicly that they use some ConnectWise stuff, so the chances are relatively high.

                                      pmonchoP 1 Reply Last reply Reply Quote 0
                                      • pmonchoP
                                        pmoncho @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                        @pmoncho said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                        @SmithErick

                                        Received my Cyberheist email from KnowBe4 about an hour ago and one article confirms that it was ConnectWise / Kaseya vulnerability from 2017 that was the vector.

                                        We had a thread about that last week here on ML. We know that ConnectWise had vulnerable DLLs on their Windows installs. But we don't know if that was the case here. But we do know that they advertise publicly that they use some ConnectWise stuff, so the chances are relatively high.

                                        Yeah, I saw that.

                                        What I found interesting was that a source stated that the update was either not installed or not installed "correctly." What is "not installing correctly" with regards to Connectwise?

                                        scottalanmillerS 1 Reply Last reply Reply Quote 1
                                        • scottalanmillerS
                                          scottalanmiller @pmoncho
                                          last edited by

                                          @pmoncho said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                          @scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                          @pmoncho said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:

                                          @SmithErick

                                          Received my Cyberheist email from KnowBe4 about an hour ago and one article confirms that it was ConnectWise / Kaseya vulnerability from 2017 that was the vector.

                                          We had a thread about that last week here on ML. We know that ConnectWise had vulnerable DLLs on their Windows installs. But we don't know if that was the case here. But we do know that they advertise publicly that they use some ConnectWise stuff, so the chances are relatively high.

                                          Yeah, I saw that.

                                          What I found interesting was that a source stated that the update was either not installed or not installed "correctly." What is "not installing correctly" with regards to Connectwise?

                                          Good question. How does Connectwise get "installed incorrectly" that puts it at risk? And why do they make it so easy to do that someone actually did?

                                          1 Reply Last reply Reply Quote 0
                                          • DustinB3403D
                                            DustinB3403
                                            last edited by DustinB3403

                                            Does ConnectWise come with a default set of credentials to use and access that needs should to be changed once the installation is complete?

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 3 / 6
                                            • First post
                                              Last post