Given our status as an affinity partner of CalCPA providing services to many CPA clients, we’ve had quite a few people reach out with concerns about CCH cloud systems being down and the lack of communication from Wolters Kluwer. While there isn’t much, here is what we do know:
· The service interruption was unplanned and began yesterday morning (PDT).
· They are actively working to restore services.
· So far, this only affects CCH cloud (Axcess) customers, not on-premise.
There is quite a bit of speculation on the internet about the company having been hit by a strain of ransomware, specifically MegaCortex. There is no confirmation of this, and having been through countless incident responses at Ariento, we strongly advise against speculation. If a breach in fact did occur, Wolters Kluwer is obligated to report it and will in due time. Speculation only causes premature panic and takes away from the company’s efforts to remediate and fix the issue.
That said, here’s what you need to know:
If this is a ransomware attack, it does not automatically mean it is a data breach. Some strains of ransomware have back doors built into them that allow unauthorized access to data, and some do not (they simply try to extort money, but never give unauthorized access to the data). Assuming CCH has good backups in place, it is possible that even if they did get hit by ransomware, no data will be lost or accessed by a hacker, and there will be no data breach to report.
We recommend blocking access to CCH servers as a precaution only and have done so for our clients.
The right next-generation anti-exploit software (Ariento’s included) is already blocking MegaCortex and other strains of similar malware. In fact, there have been (so far) 76 confirmed attacks stopped since February, with 47 of those (or about two-thirds of the known incidents) happening in the past 48 hours. Each attack targeted an enterprise network and may have involved hundreds of machines.
At this time, as difficult as it may be, we need to be cautiously patient. We will keep you posted if and when more information comes out. As always, please don’t hesitate to contact us with any questions or concerns.
Sincerely,
Chris Rose
Partner, Ariento Inc.
——————————-
Update from CCH at ~10:30am PDT on Tuesday, May 7:
On Monday May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline. With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates. On May 7, we were able to restore service to a number of applications and platforms.
We regret any inconvenience and that we were unable to share more information initially, as our focus was on investigation and restoring services as quickly as possible for our customers.
We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing. We want to apologize for any inconvenience this may have caused.
Update from CCH at ~2:12pm on Tuesday, May 7:
Update May 8, 17.00 CEST:
For our customers in North America: As we continue to bring our support centers back online, please use this temporary number 800-930-1753 to contact us. While we may not be able to directly answer your question, we will forward your inquiry internally to the appropriate party.
Update May 8 at ~3pm PDT:
We have restored network and services for CCH Axcess.
Our priority has been to bring the system up and get you back to work as quickly as possible. In order to do that, we have had to make a few choices, and a few functions are currently unavailable:
· The e-filing capability is not yet available at this time. We will notify you when it is available; please hold your e-filing until then. Should you attempt to e-file in the meantime, you will receive an upload error message. For now, please save your returns within the CCH Axcess application.
· The email capability is performing slower than normal. You will notice a latency when attempting to send and receive email messages.
· Some articles and news are not accessible via links. Currently you will not have access to links to chat or support content, links to CCH Software news, or links to Knowledge Base Articles/Reviews.
At this time, new users cannot be activated. For now, you will not have the ability to set up new users within the CCH Axcess application.