Slashdot Mirror
South Korean Web Hosting Provider Pays $1 Million In Ransomware Demand (bleepingcomputer.com)
An anonymous reader writes: Nayana, a web hosting provider based in South Korea, announced it is in the process of paying a three-tier ransom demand of nearly $1 million worth of Bitcoin, following a ransomware infection that encrypted data on customer' servers. The ransomware infection appears has taken place on June 10, but Nayana admitted to the incident two days later, in a statement on its website.
Attackers asked for an initial ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After two days of negotiations, Nayana staff said they managed to reduce the ransom demand to 397.6 Bitcoin, or nearly $1 million. In a subsequent announcement, Nayana officials stated that they negotiated with the attackers to pay the ransom demand in three installments, due to the company's inability to produce such a large amount of cash in a short period of time.
On Saturday, June 17, the company said it already paid two of the three payment tranches. In subsequent announcements, Nayana updated clients on the server decryption process, saying the entire operation would take up to ten days due to the vast amount of encrypted data. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.
Attackers asked for an initial ransom payment of 550 Bitcoin, which was worth nearly $1.62 million at the time of the request. After two days of negotiations, Nayana staff said they managed to reduce the ransom demand to 397.6 Bitcoin, or nearly $1 million. In a subsequent announcement, Nayana officials stated that they negotiated with the attackers to pay the ransom demand in three installments, due to the company's inability to produce such a large amount of cash in a short period of time.
On Saturday, June 17, the company said it already paid two of the three payment tranches. In subsequent announcements, Nayana updated clients on the server decryption process, saying the entire operation would take up to ten days due to the vast amount of encrypted data. The company said 153 Linux servers were affected, servers which stored the information of more than 3,400 customers.
Also, can they be prosecuted for these payments? They are in the end sending money to an illegal organisation.
Trouble is, as soon as you had something like that, it would end up used for fraudulent transactions during normal purchases. I could buy a $800 phone from you, wait until I get the phone, then the bitcoins I paid you with disappear.
That is too true.
My old company I used to work for would not listen to me the IT manager, as the IT Director (Who was known as Can't Understand New Technology) inisted we only need one backup tape to backup the company data and insisted we kept the tape in his office. Needless to say I had all the memo's to backup (no pun) my position on this and many other matters. Well we had a fire, the tape got burnt and the servers were also fried and bang NO DATA, the company quickly sacked the IT manager with a 2 finger payoff.
So here's a funny story. Your database gets encrypted. You don't have a backup so you pay a ransom. IF the bad guy is nice, you get a key to decrypt your database again. Since you don't have any sort of backup to compare it to.... how the fuck do you know they haven't inserted/deleted/modified anything in there as well? You don't until things start happening. Even better, the bad guys know that you don't, because you were dumb enough to tell them by paying the ransom. Welcome to phase 2 of your security nightmare. You are now their bitch.
Seven puppies were harmed during the making of this post.