ConnectWise Hit In EU Ransomware Attack

The attack comes just weeks after the company’s ConnectWise Control product was used by bad actors in the Wipro breach, and after an integration with Kaseya was exploited in February.

ConnectWise suffered a ransomware attack that took its ConnectWise Manage platform offline in the EU two weeks ago, but did not compromise any personal data, the company said in a letter to partners today.

The May 3 attack came through an off-site machine that ConnectWise used for cloud-performance testing outside of its network. ConnectWise said it has hired a forensics firm to investigate the attack and has taken steps to make sure the attack cannot be duplicated.

“After we were confident that our EU cloud partners were up and running in secure new environments, we continued working with the forensics firm this week to assist us in understanding the scope of the attack,” ConnectWise CEO Jason Magee said in a letter to ConnectWise partners. “Our investigations confirmed that the ransomware variant used in the attack generally only encrypts files to extort a ransom payment, and is not designed or capable of reading, removing, or altering data. Based on our investigation to date, the only impact of the intrusion was loss of access to our hosted SaaS application. We found no indication that any personal data was destroyed, altered, disclosed to, or accessed by an unauthorized party.”

This is the latest security incident to involve the Tampa, Fla.-based IT service management company. Earlier in April, the company found itself embroiled in a breach at Wipro when it was discovered that bad actors had used ConnectWise Control (formerly ScreenConnect) to seed 100 Wipro servers and distribute their attack. In February, an integration between ConnectWise and rival MSP platform Kaseya was exploited by cyber criminals.

Through its spokeswoman, ConnectWise declined to comment on this latest incident, saying its most thorough response was in its letter to partners. About 10 days prior to having its EU tool taken offline in an attack, Magee told CRN that MSPs were increasingly becoming the targets of attacks.

“Like many of the leading vendors, ConnectWise is committed to helping MSPs prevent and mitigate these threats. We know that sometimes our remote monitoring tools can be used by these bad actors,” said Magee at the time. “ConnectWise takes cyber security seriously and we realize that rumored and confirmed security incidents create stress and concern for our partners. Once we become aware of an issue, we are proactive in taking steps to resolve and/or make our partners aware of the risk. This is often accomplished via our in-app messaging capabilities.”

To mitigate damage from this attack, ConnectWise is crediting ConnectWise Manage invoices 10 percent in the EU. Additionally, it has vowed to “snapshot transaction log backups each hour to reduce the recovery point, in the event the transaction logs are compromised,” and it has added security between the “SQL clusters and the rest of the environment.” The company said it will file a complaint with the appropriate law enforcement agencies, Magee wrote in his letter to partners.

“I continue to offer my deepest apologies that this incident may have impacted your business and your confidence in our products and services,” Magee wrote to partners today. “I previously announced that credits would be issued to all affected EU cloud partners. You will be credited the equivalent of 10% of your May ConnectWise Manage invoice; this credit will be applied to an upcoming invoice for your ConnectWise Manage platform.”