Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah
-
That page is now mysteriously gone.
-
@IRJ LOL, we had actually been giggling about that the other day
-
@Reid-Cooper said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
Looks like up until a few days ago they were really active on Twitter. And then went silent around when the supposed issue began.
https://twitter.com/proteksupport
Their last posts before going silent were all about security and avoiding things like ransomware.
Just checked it again, still silent. Pretty suspicious.
-
A second customer of Protek came forward and confirmed the ransomware situation. So definitely looking for Protek to respond with what part of the customers' statements is not true.
-
So they are sending this to customers, while still claiming it isn't true?
-
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So they are sending this to customers, while still claiming it isn't true?
Do we know if the cause of the ransomware hit to these places were due to Protek, or that they just happen to be protek customers, or a 3rd party service for example that protek uses for it's customers? Or was Protek itself hacked, and therefore customers networks exposed....?
What's really going on?
-
@Obsolesce said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So they are sending this to customers, while still claiming it isn't true?
Do we know if the cause of the ransomware hit to these places were due to Protek, or that they just happen to be protek customers, or a 3rd party service for example that protek uses for it's customers? Or was Protek itself hacked, and therefore customers networks exposed....?
What's really going on?
Protek isn't saying and they aren't responding here and their Twitter feed is silent since this happened. What we know for sure is that multiple (and rumor is "all") of their customers were hit at the same time. Whether or not Protek was hacked themselves, or was ransomed themselves we have no way to know.
We do know that Protek is the responsible party that had to pay the ransom, it was not coincidental that their customers were hit, it was a problem on the Protek side that caused or allowed it to happen. Protek was the vector through which it happened.
If it was a third party service, you'd expect the third party to have to have paid.
-
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@Obsolesce said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
@scottalanmiller said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
So they are sending this to customers, while still claiming it isn't true?
Do we know if the cause of the ransomware hit to these places were due to Protek, or that they just happen to be protek customers, or a 3rd party service for example that protek uses for it's customers? Or was Protek itself hacked, and therefore customers networks exposed....?
What's really going on?
Protek isn't saying and they aren't responding here and their Twitter feed is silent since this happened. What we know for sure is that multiple (and rumor is "all") of their customers were hit at the same time. Whether or not Protek was hacked themselves, or was ransomed themselves we have no way to know.
We do know that Protek is the responsible party that had to pay the ransom, it was not coincidental that their customers were hit, it was a problem on the Protek side that caused or allowed it to happen. Protek was the vector through which it happened.
If it was a third party service, you'd expect the third party to have to have paid.
Gotcha, makes sense now.
-
Now if only Protek would own up and admit what happened, we'd know some more. Without them willing to engage in a dialogue, everyone automatically kind of jumps to the worst possible case in their minds. Given that their remediation is not going well (that's how we found out about it, they weren't actively fixing affected customers for a while, and possibly not at all yet, we don't know) it seems like going public with an apology and explanation would be the best thing to do.
-
Just decided to check in on their Twitter feed again. Still nothing. Total silence since the issue began. No word if any customers have been restored yet.
-
Just looking at this a month later (one month to the day.) Still waiting on clarification from Protek as to what they meant when they said that this didn't happen. Their Twitter and Facebook still remain silent, having gone dark the day that this occurred. They website doesn't have new content (but few would.) But did just before. The only change seems to be that they used to prominently display their team on their site, and that appears to have been removed from what I can tell. If I were to guess, that's either because too many of those people are no longer there and/or the site made it really clear that the staff were nearly all break/fix reactive techs and that there was only one "proactive" staffer in the entire company (Protek's own words) so advertising themselves as a proactive solution probably didn't fly.
-
The entire page has just been removed.
-
@DustinB3403 yeah, that was their prominent page prior to a month ago. And their ransomware page was removed previously. LOL
-
@DustinB3403 said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
The entire page has just been removed.
Access Denied when trying to access it using archive.org
-
LOL, this did not age well.
-
@LilAng said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
LOL, this did not age well.
The only way it could've been worse is if they said "We're all vulnerable to emergencies (because of Protek), but if you are prepared. . . ."
-
@LilAng said in Protek Support MSP Ransomware Hits Customers in Salt Lake City, Utah:
LOL, this did not age well.
I had seen that one... two weeks before their compromise was discovered! They might have already been infected by that point!
-
Been another month, and no response here, and their feeds are still totally silent. They just popped into my head and I thought that I'd look up to see if they had made any announcements or anything about their situation yet. Guess not. But BAU seems to have totally died that day.
-
Another company follow up while I'm thinking about them. Their social media has remained totally silent since Feb 4th. And their blog that was always a twice weekly thing has been silent since a few days before that. The news reports definitely continue to seem to have been real, contrary to what they stated.
Goes to their blog one week before the compromise.
-
Another MSP had this happen.
Just followed up to see that ProTek is still silent, and still hasn't responded here about the claim that they didn't have this happen.