Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

California IT service provider Synoptek pays ransom after Sodinokibi attack

Synoptek, A California-based IT service provider decided to pay the ransom to decrypt its files after being infected with the Sodinokibi ransomware. Synoptek, a California-based provider of IT management and cloud hosting services paid the ransom to decrypt its files following a Sodinokibi ransomware attack. The gang behind the Sodinokibi ransomware has been very active […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Synoptek, A California-based IT service provider decided to pay the ransom to decrypt its files after being infected with the Sodinokibi ransomware.

Synoptek, a California-based provider of IT management and cloud hosting services paid the ransom to decrypt its files following a Sodinokibi ransomware attack.

The gang behind the Sodinokibi ransomware has been very active in the US in recent weeks, in December, CyrusOne, one of the major US data center provider, was hit by the same ransomware.

Synoptek has more than 1,100 customers across multiple industries, including local governments, financial services, healthcare, manufacturing, media, retail and software. 

The infection took place on December 23, the hackers first compromised the company network then installed the ransomware.

“News of the incident first surfaced on Reddit, which lit up on Christmas Eve with posts from people working at companies affected by the outage.” reads the post published by Krebsonsecurity. “The only official statement about any kind of incident came late Friday evening from the company’s Twitter page, which said that on Dec. 23 it experienced a “credential compromise which has been contained,” and that Synoptek “took immediate action and have been working diligently with customers to remediate the situation.”

The IT service provider confirmed the attack but did not comment on whether it paid the ransom asked by the crooks.

“On Dec. 23, we experienced a credential compromise which has been contained,” Synoptek wrote in a Tweet just before 6 p.m. ET Friday. “We took immediate action and have been working diligently with customers to remediate the situation.”

Synoptek CEO Tim Britt told CRN in an email that the “holiday attack” impacted only some of Synoptek’s 1,178 customers. Britt proudly announced that its staff has contained the threat on Christmas Day and it has remediated a vast majority of customer situations before the start of business on Dec. 26.

The Sodiniokibi gang seems to focus on targeting US IT providers, in August 2019 the company PercSoft was infected with the malware, and in December the malware has infected systems at Complete Technology Solutions.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Sodiniokibi, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]