Ransomware - Support IT
Virksomhed
MSP - Support IT (SIT) multiple companies affected
Sektor
Multiple
## Beskrivelse
The MSP Support IT A/S (SIT) was hit by a cyberattack not directly but through their customers according to the Danish news site Computerworld where more than 70 SIT customers/companies was affected. A annonymus technical ressource in SIT states to Computerworld that it is a "reply-attack" where one on the customers to SIT have had their Microsoft Exchange mail servers hacked and their e-mail threads hijacked by the threat actor to persuade SIT to open a malicious attachment/link. When SIT was aware of the breach they did a control shutdown of all the company servers affecting the customers directly. SIT reports that it takes backup of all data which might be why the recovery time has been relatively short.
## Tidslinje
04.02.2022
SIT is aware of the breach and by recommendation by a security expert shutdowns all servers.
09.02.2022
Large realestate companies EState and Nybolig is back online
11.02.2022
Customers that are on shared servers are not online yet, but most customers on dedicated servers are back online.
14.02.2022
Realmæglerne is back online after more than a week of downtime.
## Sikkerhedsrådgivning
## Referencer
09.02.2022
08.02.2022
- https://www.version2.dk/artikel/hackerangreb-paavirker-flere-danske-ejendomsmaeglerkaeder-maatte-lukke-hjemmesider-1094158
- https://www.computerworld.dk/art/259647/flere-danske-ejendomsmaeglere-paavirket-af-hackerangreb-paa-dansk-it-leverandoer