Slashdot Mirror


South Korean Web Hosting Provider Pays $1 Million In Ransomware Demand (bleepingcomputer.com)

An anonymous reader writes: Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customers' servers. The ransomware infection appears to have taken place on June 10, but Nayana admitted to the incident two days later, in a statement on its website.

Attackers asked for an initial ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After two days of negotiations, Nayana staff said they managed to reduce the ransom demand to 397.6 Bitcoin, or nearly $1 million. In a subsequent announcement, Nayana officials stated that they negotiated with the attackers to pay the ransom demand in three installments, due to the company's inability to produce such a large amount of cash in a short period of time.

On Saturday, June 17, the company said it already paid two of the three payment tranches. In subsequent announcements, Nayana updated clients on the server decryption process, saying the entire operation would take up to ten days due to the vast amount of encrypted data. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.

6 of 100 comments

  1. WTF --- So, no backups, at all? by HumanWiki · Score: 5, Insightful

    So, outside of the question of where are all your backups, dB logging, aux-copy, snapshots, etc... How did this happen?? (reads bottom part of article)..

    Nevermind....

    1. Re:WTF --- So, no backups, at all? by Anonymous Coward · Score: 2, Insightful

      I do not know how many times I have heard a DBA or System Admin claim that they had sound backups... because Legato (etc...) server said they did, only to find out that they had no usable backup tapes when something bad did happen and they had to recover.

      There is a significant cost to testing the recovery of backups and many companies do not test to make certain that the backups they are running have any value at all.

  2. "You know... by cirby · Score: 5, Insightful

    "It's a lot cheaper for us to hire some really awful people to find you and get the money back, so why don't you just hand over the encryption keys right now?"

  3. Once again by mfh · Score: 3, Insightful

    A Trend Micro analysis of the Nayana systems reveals endemic problems. It is no surprise that the hosting provider fell victim to this infection.

    Once again, a company is managed by sales guys not tech guys. What could possibly go wrong?

    IT Guy: "We need to upgrade our servers."

    Business guy: "That costs too much. Don't bring suggestions like that to a meeting again!"

    IT Guy: [image: okay.png]

    The version of Apache NAYANA used is run as a user of nobody(uid=99), which indicates that a local exploit may have also been used in the attack.

    Oh wait. Maybe it was an inside job?

    The gnuplot thickens!

    --
    The dangers of knowledge trigger emotional distress in human beings.

  4. Re:Well look who just went out of business! by Anonymous Coward · Score: 2, Insightful

    Also, they just armed a criminal group with enough money to fund their next attack. Thanks for nothing.

  5. Re:Well look who just went out of business! by F.Ultra · Score: 3, Insightful

    Please list any democratic country where it's illegal to pay a ransom. Paying a ransom is not equated with supporting an illegal organisation or as fencing in any jurisdiction that I'm aware of. Any attempt to make such payments would only yield one end result; the victims would be extremely less motivated to involve the police.