TekLinks Confirms, Mitigates Brute Force, Ransomware Cyberattack
TekLinks, a well-known MSP and CSP, this evening responded to reports of a server cyberattack involving at least one of its customers.
MSSP Alert, our sister site, broke news about the attack earlier today. Amid the chatter, MSSP Alert and ChannelE2E asked TekLinks for details about the attack, and the MSP responded this evening.
In a statement we received this evening, TekLinks confirmed the attack but emphasized the limited nature of the incident, and also assured customers that the MSP’s infrastructure was not breached during the attack.
According to the statement, TekLinks recently discovered a cyberattack that affected a limited number of customers. The threat was identified, researched and promptly remediated, TekLinks added.
“We regret any inconvenience or alarm this has caused our customers. We immediately contacted our customers who may have been impacted by this threat, and promptly resolved the reported issue,” says TekLinks CEO Jim Akerhielm, in a statement to ChannelE2E. “Customers who have not been contacted, were not impacted.”
TekLinks Infrastructure: No Breach
According to the statement: TekLinks infrastructure was not breached and there is no evidence that any files were actually exfiltrated or viewed during the attack. The incident combined two common cyberattack strategies: A brute force attack on an external customer server, and ransomware. Brute force refers to a trial and error hacking method that attempts to decode encrypted data such as passwords or PINs. Ransomware is software designed to lock data in exchange for a ransom to release the data.
“This incident targeted a small number of our customers,” added Akerhielm in the statement. “We are proud of our technical team who identified this threat and remediated the situation quickly. While there is no guaranteed protection for internet-based systems, we are continually focused on ways to improve threat detection and response.”
TekLinks Customer Disclosed the Breach
Chatter about the attack first surfaced when Surgical Dermatology Group disclosed a breach to customers. The Surgical Dermatology Group disclosure, posted on the company’s website, said the May 2017 breach involved a server managed by TekLinks. With that information in hand, MSSP Alert and ChannelE2E earlier today reached out to TekLinks for comment, and the MSP replied this evening.