If you google for “saca tech ransomware” you will find a number of videos and various marketing pieces from Saca Technologies / IronOrbit talking about how to protect yourself from ransomware. But apparently, the company wasn’t able to protect itself, according to various online sources, including this Reddit thread: Managed Exchange Provider IronOrbit/SACA Technologies experiences breach.
I know of one local company using this service and they have been down since at least April 26. Despite all their sermonizing on the subject, Saca Technologies’ response appears to be a lesson in how not to deal with a situation like this. They began by saying it was an “outage” and continued to tell customers that they would be back up “soon,” promising various specific dates. They have not been transparent at all about what is really going on, which, according to online sources, is that they were hit by ransomware, probably DoppelPaymer. DoppelPaymer has apparently removed all data from Saca’s servers and released examples of it to prove they have it.
One customer reports:
From the very beginning, no matter what day you may have been lucky enough to actually get someone on the phone, the standard response has been “in the next day or two” for restoration. Last Friday it was Monday. Monday arrived and is now supposed to be today. I fully expect a phone call at some point today telling me the new date is Friday. It’s a constant exercise of not knowing if I should laugh or cry when they give me an update.
This aligns with the reports from the customer I know, who reports that, as of May 4, anyone trying to reach the company is being referred to their attorneys. Experts are recommending that any company using the services of Saca Technologies / IronOrbit “rebuild from scratch elsewhere.”