Most users of MIP’s single-tenant financial software have either been fully restored or have been set up in a temporary environment using their backups while the company works to fully restore their original environment after being locked out for three weeks.
As previously reported by The NonProfit Times, MIP was the target of a ransomware attack on March 24. “We are not able to release specific information, but we have communicated individually with our customers if they were impacted. We also committed many additional resources to get our customers up and running,” according to a statement from MIP.
MIP is owned by Community Brands. The firm declined to provide specifics regarding the attack, when it was discovered, how long ago the server might have been hacked or whether a ransom was paid. Those types of attacks often involve encrypting files with 50 characters or more.
“We can confirm that a ransomware attack recently occurred in one of our off-site hosting environments. While not diminishing the impact to a small group of customers, the vast majority of our MIP customers were not affected, and no customers utilizing our MIP Cloud product were impacted,” according to an MIP spokesperson.
“This was an infrastructure attack, and we understand that these types of ransomware attacks are common and unfortunately, many companies have been hit,” according an MIP spokesperson. “Absolutely no company wants to be in this position. We have continually invested in security and will maintain that vigilance into the future.”
The firm’s investigators have not discovered evidence that any data was exposed. “As you well know, these nonprofit organizations do great work in the world, and we’re pained to know they’ve been impacted by this situation,” said the spokesperson.
For the affected users, safe recovery required creating a new environment. “At this time, virtually all customers have either been fully restored in the original environment or have been restored in a temporary environment using their backups while we work to fully restore their original environment,” according to the spokesperson. “Our teams have been working literally around the clock, seven days a week to restore services.”
Customers are being given a choice as to which environment they’d like to be restored. Some are migrating to an MIP Cloud environment where they are able to use the MIP Cloud product if they chose, according to the spokesperson. Some are migrating to an MIP multi-tenant environment. Amazon Web Services hosting is also being made available, sources told The NonProfit Times.
On March 27, customers were informed that Community Brands and MIP were working with an external cyber forensics partner and thought that they were in the recovery phase. The firm told customers it did not appear that system data was exposed. Customers were told the firm was working through a process that included scanning data, setting up new environments, identifying who was impacted and retrieving backups.
The first to get back online were those whose MIP data is not impacted. Data in the system was up to date as of March 24, but MIP Share and third-party integrations were not working, customers were told a few days after the system was taken offline.
Getting the impacted back online included scanning data, setting up new environments, working to identify who’s impacted and retrieving backups, according to an MIP memo to impacted users.